The latest edition of the ISMG Security Report features an analysis of the disappearance of ransomware-as-a-service groups, such as REvil and Darkside, and how that impacts the wider cybercrime ecosystem. Also featured: ransomware recovery tips; regulating cyber surveillance tools.
Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks. Given that attackers first need remote access to victims' systems, robust patch management and remote desktop protocol security remain obvious must-have defenses.
Cyber insurance provider Coalition Inc. says its clients' average claims for losses when they were hit by a ransomware attack totaled $184,000 in the first half of this year, down 45% compared to the second half of 2020. Negotiating lower ransoms and more efficient recovery were key factors.
A new ransomware group called BlackMatter has debuted, claiming to offer the best features of REvil and DarkSide - both apparently defunct - as well as LockBit. A new attack using REvil's code has also been spotted, but a security expert says it's likely the work of a former affiliate.
Europol says the "No More Ransom" project, a portal launched five years ago, so far has helped more than 6 million ransomware victims worldwide recover their files for free so they could avoid paying almost 1 billion euros ($1.2 billion) in ransoms.
Remote management software company Kaseya says it obtained the ability to decrypt all victims of a massive REvil - aka Sodinokibi - attack via its software, without paying a ransom to attackers. But Kaseya has still not revealed how it obtained the decryption key, except to say it was supplied by a third party.
A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.
Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware. In addition, fewer victims are paying a ransom simply for a promise from attackers to delete stolen data.
As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.
Remote management software vendor Kaseya has obtained a decryption tool for all organizations affected by the massive ransomware attack launched via its software. The tool should especially help the many small businesses still struggling to recover. Kaseya declined to comment on how it obtained the decryptor.
Saudi Aramco, one of the world's largest oil and natural gas firms, has confirmed that company data was leaked after one of its suppliers was breached. Extortionists are reportedly demanding a $50 million ransom - payable in monero cryptocurrency - for a promise to delete the stolen data.
What's up with REvil? Questions have been mounting since the notorious ransomware operation went quiet on July 13, not long after unleashing a mega-attack via remote management software vendor Kaseya's software. The Biden administration has welcomed REvil's online shutdown but says it doesn't know the cause.