Last Week in Ransomware: Week of July 5th

Ransomware in the News Before we get to the major ransomware attack that occurred over the holiday weekend, let’s take a look at some of the other stories from the...
Michael Raymond
2 min read
Last updated March 3, 2022

Ransomware in the News

Before we get to the major ransomware attack that occurred over the holiday weekend, let’s take a look at some of the other stories from the past week.

An old version of the Babuk ransomware builder was leaked and seems to have been used by unaffiliated groups. Meanwhile, the real Babuk cybercriminal gang must have gotten inspired by other people using their work or simply bored of data theft because they’re back at it again.

Want to learn ransomware basics and earn a CPE credit? Try our free course.

“In just one hour, I’ll teach you the fundamentals of Ransomware and what you can do to protect and prepare for it.”

In unrelated news, the messy world of ransomware attribution has gotten a little clearer since security researchers have linked the Diavol ransomware to Wizard Spider a group better known for its botnet Trickbot.

Threatpost published an informative article on Ransomware as a service (RaaS), a list of 5 things to do to improve your defenses

REvil Ransomware

The biggest news of the week is definitely the REvil attack which used a zero-day in the source code of management software to attack thousands of companies. As new details emerge it seems this attack was more wildly successful than the criminal gang had planned for. The gang has been so overwhelmed by trying to process the ransoms it has offered a blanket ransom of $70 million for all of them. And even went on to lower that offer to $50 million.

Additionally, the supply chain attack seems to have purposely targeted the 4th of July weekend leaving many US companies understaffed and unable to handle the crisis on the holiday weekend. This timing also serves to highlight an important when auditing your own defenses, don’t account for the ideal circumstances. Account for the worst day of the year when you are least staffed or least prepared for an attack.

Ransomware Research

The Babuk ransomware builder, which is used for creating payloads and decrypting them, has found its way onto VirusTotal. And just so the Babuk builder doesn’t get lonely, the Chaos Ransomware Builder V3 is also up on VirusTotal.

There appears to be a new .hive ransomware. As well as a new .miis extension Djvu ransomware including a VirusTotal sample.

Ransomware gangs are now making recruiting websites. It’ll be interesting to watch this develop. It could turn out to be some sort of sting operation or used to plant a white-hat hacker in one of these groups.  

GitHub Tools 

The US Cybersecurity and Infrastructure Security Agency (CISA) has made a Ransomware Readiness Assessment (RRA) which can be found open-source on GitHub. This tool should be incredibly powerful for helping organizations audit their defenses and learn how to recover from ransomware attacks.

Not exactly a GitHub tool but a free Lorenz ransomware decryptor has been released. 

Upcoming Security Conferences

The Cyber Strategy Retreat 2021(July 14-15)

The Cyber Strategy Retreat aims to facilitate collaboration between business, technology, and Risk Management leadership. The retreat focuses on going above and beyond compliance-driven programs and tackling cybersecurity risks, such as ransomware, to the fullest extent possible.

International Conference on Cyber Security 2021 (July 19 – 22)

The International Conference on Cybersecurity or ICCS is hosted by the FBI and Fordham University and focuses on bringing together government, private sector, and academia to discuss current cyber threats such as ransomware. 

BLACK HAT USA 2021 (July 31 – Aug 5)

Black hat is one of the largest annual security conferences. It’s the corporate version of Defcon and as such is a great opportunity to get face time with security professionals such as the Varonis team. Be sure to stop by our booth!

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

last-week-in-ransomware:-week-of-august-9th
Last Week in Ransomware: Week of August 9th
This week saw the rise of a new ransomware group called BlackMatter and demonstrated even ransomware groups should worry about disgruntled employees.
last-week-in-ransomware:-week-of-august-16th
Last Week in Ransomware: Week of August 16th
This week was a win with REvil and SynACK decryption keys being released, but also saw a rise in PrintNightmare use by ransomware gangs.
last-week-in-ransomware:-week-of-july-19th
Last Week in Ransomware: Week of July 19th
This past week hasn't seen quite as much activity as others, likely due to the new ransomware task force created in the US and the mysterious disappearance of REvil and other gangs.
last-week-in-ransomware:-week-of-july-26th
Last Week in Ransomware: Week of July 26th
This week REvil Ransomware had a universal decryption key appear out of thin air and the US has accused China of ProxyLogon.