Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers

Digital sleuths at cyber threat intelligence firms have found clues that a seemingly new ransomware organization has links to DarkSide and REvil, two gangs that suddenly disappeared shortly after major attacks. From the moment DarkSide vanished following the Colonial Pipeline incident and REvil went dark after locking up JBS and customers of Kaseya, questions swirled about whether a government took them down, whether attackers quit, or whether they simply went underground to rebrand. Flashpoint, Mandiant and Recorded Future on Tuesday and Wednesday said they discovered at least some connection between DarkSide and/or REvil and BlackMatter, a group that emerged last week. “The project has incorporated in itself the best features of DarkSide, REvil, and LockBit,” BlackMatter itself proclaimed, according to Recorded Future. LockBit is another ransomware operation that first appeared in 2019, and all three are thought to operate out of Russia. Exactly what “best features” BlackMatter borrowed from other […]

The post Threat intel firms suggest ransomware gang ‘BlackMatter’ has ties to DarkSide, REvil hackers appeared first on CyberScoop.

Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says

The tides may be starting to turn on the ransomware epidemic, new industry findings show. The average ransomware payment declined to $136,576 in the second quarter of 2021, according to numbers published Friday by ransomware response firm Coveware. The company did not share how many companies that data was based on. The 38% decrease is a dramatic drop from the average demand of $220,298 that the firm reported in April for the first quarter. That number was a 43% increase from the last quarter of 2020. The decline comes in the shadow of three major ransomware attacks hitting the U.S. supply chain. Since May, U.S. officials have faced three high-profile ransomware attacks against fuel provider Colonial Pipeline, meat supply company JBS, and most recently Florida IT company Kaseya. The latter two attacks have been attributed to REvil, a ransomware gang thought to be based in Russia. The resulting wake-up call in both […]

The post Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says appeared first on CyberScoop.

Kaseya obtains decryption key for victims of massive ransomware attack

Roughly three weeks after Russia-based ransomware group REvil attacked Kaseya, the Florida-based IT firm has obtained a working decryption key to unlock encrypted files belonging to hundreds of victims, a spokesperson confirmed to CyberScoop on Thursday. Dana Liedholm, the company’s senior vice president of marketing, declined to comment on the source of the key, other than to say it came from a “trusted third party.” She also declined to comment when asked if the company had paid to obtain the key, or on how long it would take to remediate all the clients that had been impacted by the attack. The news was first reported by NBC’s Kevin Collier. Kaseya has estimated the number of affected companies at somewhere between 800 and 1,500. Private cybersecurity firms have suggested a higher figure, as Huntress Labs estimated the number of victims at closer to 2,000. Sophos Labs identified 145 victims in the […]

The post Kaseya obtains decryption key for victims of massive ransomware attack appeared first on CyberScoop.

Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy

In a series of ransomware payment negotiations last December, operatives from a gang known as “Egregor” alternated between treating their victims with surprising civility and behaving like cartoonish movie villains. “The Egregor Team wishes you a Merry Christmas and a Happy New Year,” they’d say at intervals of their chat room communications, sometimes in the middle of an extortion back-and-forth. “We wish you wisdom in your decision making and financial stability in this difficult time for us all. Happy Holidays!” In another exchange, they weren’t as kind, threatening to leak victims’ data and publish it on a website as a warning to other organizations that might fall in the group’s crosshairs. “We simply need to determine what category you should be placed in. In the category of those who are ready to negotiate and pay or in the category of scarecrows on our news site,” one exchange read. “It’s not […]

The post Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy appeared first on CyberScoop.

This Week in Security: REvil Goes Dark, Kaseya Cleanup, Android Updates, And Terrible Firmware

The funniest thing happened to REvil this week. Their online presence seems to have disappeared. Their Tor sites as well as conventional sites all went down about the same time …

Ransomware is the New-age Atomic Bomb

Ransomware can start cyber warfare! This is why. What if you can’t drive to your office because the traffic lights are red everywhere? You were to travel somewhere but you can’t take a train because the train control systems are not working. You can’t …

US offers $10 million reward in hunt for state-sponsored ransomware attackers

The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructu…