Last Week in Ransomware: Week of June 28th

Ransomware in the News If you’re a small or medium business using locally hosted cloud storage drives by a popular brand you need to disconnect them from the internet immediately....
Michael Raymond
2 min read
Last updated January 17, 2023

Ransomware in the News

If you’re a small or medium business using locally hosted cloud storage drives by a popular brand you need to disconnect them from the internet immediately. Due to a flaw hackers have been able to delete all the contents of the hard drives remotely. And now attackers are try to monetize it with ransomware

But the previously mentioned company isn’t alone in its security woes, yet another hard drive manufacturer got hit with Ragnar Locker. The attackers then subsequently released over 700 GB of data on the darknet.

Want to learn ransomware basics and earn a CPE credit? Try our free course.

“In just one hour, I’ll teach you the fundamentals of Ransomware and what you can do to protect and prepare for it.”

Last week we mentioned that a number of suspected Clop ransomware gang members got arrested. It turns out that the Binance cryptocurrency exchange was instrumental in helping track them down. The arrest certainly put a hamper on the group, but it wasn’t a fatal blow. After a short break, the group has released yet more confidential data.

In other news, it seems that yet another American city has been hit with ransomware this time by the Conti group who leaked approximately 18,000 files mostly consisting of police citations.

A new cybersecurity coalition has formed called #RansomAware. Their goal is to encourage organizations to report ransomware attacks as soon as they can.

In yet another attack on healthcare institutions, a Brazilian medical company got hit with Sodinokibi, more commonly known as REvil.

Ransomware Research

When any ransomware becomes successful enough they’re always copycats, this time the APIS ransomware has a pretender that’s really a wiper

A new strain of Rapid ransomware is making the rounds and using the .snoopdog extension along the way. Meanwhile, the Dharma ransomware has gone with .ZEUS or .nmc and STOP is using .ddsg. And not to be left out, there’s a new ransomware on stage called Spyro.

GitHub Tools 

Raccine is an open-source tool that attempts to be the ransomware vaccine working on the hypothesis that ransomware likes to delete Shadow copies using vssadmin. The program is able to intercept that request and kill the invoking process. Unfortunately, it does mean that legitimate processes can’t use that same command but it’s worth looking into and potentially another layer of defense for your system.

NekRos is a slightly older ransomware generator for Windows. Use at your own risk, but it could be a useful tool in testing your own defenses.

Upcoming Security Conferences

The Cyber Strategy Retreat 2021(July 14-15)

The Cyber Strategy Retreat aims to facilitate collaboration between business, technology, and Risk Management leadership. The retreat focuses on going above and beyond compliance-driven programs and tackling cybersecurity risks, such as ransomware, to the fullest extent possible.

International Conference on Cyber Security 2021 (July 19 – 22)

The International Conference on Cybersecurity or ICCS is hosted by the FBI and Fordham University and focuses on bringing together government, private sector, and academia to discuss current cyber threats such as ransomware. 

BLACK HAT USA 2021 (July 31 – Aug 5)

Black hat is one of the largest annual security conferences. It’s the corporate version of Defcon and as such is a great opportunity to get face time with security professionals such as the Varonis team. Be sure to stop by our booth!

 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

last-week-in-ransomware:-week-of-july-26th
Last Week in Ransomware: Week of July 26th
This week REvil Ransomware had a universal decryption key appear out of thin air and the US has accused China of ProxyLogon.
last-week-in-ransomware:-week-of-august-16th
Last Week in Ransomware: Week of August 16th
This week was a win with REvil and SynACK decryption keys being released, but also saw a rise in PrintNightmare use by ransomware gangs.
last-week-in-ransomware:-week-of-august-9th
Last Week in Ransomware: Week of August 9th
This week saw the rise of a new ransomware group called BlackMatter and demonstrated even ransomware groups should worry about disgruntled employees.
last-week-in-ransomware:-week-of-july-5th
Last Week in Ransomware: Week of July 5th
Ransomware in the News Before we get to the major ransomware attack that occurred over the holiday weekend, let’s take a look at some of the other stories from the...