Has the REvil ransomware operation come storming back? Experts say a new operation called BlackMatter has wielded REvil's code against at least one victim, claims to combine "the best features of DarkSide, REvil and LockBit," and may be a former affiliate of one or more of these ransomware operations.
Europol says the No More Ransom Project, a portal launched five years ago, so far has helped more than 6 million ransomware victims worldwide recover their files for free so they could avoid paying almost 1 billion euros ($1.2 billion) in ransoms.
Remote management software company Kaseya says it obtained the ability to decrypt all victims of a massive REvil - aka Sodinokibi - attack via its software, without paying a ransom to attackers. But Kaseya has still not revealed how it obtained the decryption key, except to say it was supplied by a third party.
A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.
Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware. In addition, fewer victims are paying a ransom simply for a promise from attackers to delete stolen data.
As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.
Remote management software vendor Kaseya has obtained a decryption tool for all organizations affected by the massive ransomware attack launched via its software. The tool should especially help the many small businesses still struggling to recover. Kaseya declined to comment on how it obtained the decryptor.
Saudi Aramco, one of the world's largest oil and natural gas firms, has confirmed that company data was leaked after one of its suppliers was breached. Extortionists are reportedly demanding a $50 million ransom - payable in monero cryptocurrency - for a promise to delete the stolen data.
Building business resilience through a "zero trust" approach requires role-based authentication, user access velocity checks, and monitoring people, processes, and technologies, a panel of experts says.
What's up with REvil? Questions have been mounting since the notorious ransomware operation went quiet on July 13, not long after unleashing a mega-attack via remote management software vendor Kaseya's software. The Biden administration has welcomed REvil's online shutdown but says it doesn't know the cause.
Campbell Conroy & O’Neil, a Boston-based law firm that serves Fortune 500 firms, including Apple and Pfizer, is continuing its investigation of a ransomware attack in February that resulted in unauthorized access to certain data about its clients.
The blockchain analysis firm Elliptic offers a step-by-step case study, based on its research, of how one victim of the REvil ransomware gang negotiated a lower ransom payment. The study offers insights into how REvil operated before its online infrastructure disappeared last week.
The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations. This group is also accused of carrying out ransomware and other cyber operations.
A greater level of cooperation is needed between the DOD and DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general's report. The SolarWinds attack showed the need for more coordination between the two departments.