Now, let’s explore the most notable ransomware news and findings since our last Threat Debrief release:
BlackCat (ALPHV) Stages Exit Scam: The BlackCat ransomware collective seemingly orchestrated an elaborate exit scam, shutting down their storefront and replacing it with a fabricated law enforcement seizure notice. Security researchers quickly exposed the charade, highlighting the ever-present distrust within the RaaS ecosystem.
LockBit Develops Next Iteration: LockBit, retaining the top spot by claimed victims (56), is reportedly working on LockBit-NG-Dev (likely v4.0). This new version is moving away from the traditional C/C++ programming languages and towards the .NET framework. LockBit-NG-Dev is compiled with CoreRT, which could allow LockBit to run their malware on other operating systems like Linux, macOS, and even mobile devices. This new sample is packed with MPRESS for further obfuscation, making it potentially harder to identify.
Play Ransomware Hits Government Contractor: A Play ransomware attack breached Xplain, a government contractor in Switzerland. The attack exposed roughly 65,000 sensitive federal documents, primarily impacting the justice and police department with leaked personal data, classified information, and passwords. This incident underlines the vulnerability of government supply chains to ransomware attacks.
RA World Expands Globally: Previously focused on South Korea and the US, RA World is now a global threat. This month, they rank fourth with 33 claimed victims, showcasing their expansion into Europe (most victims in Germany and the UK), Asia (India, Taiwan, South Korea…), and Latin America (Mexico).
RaaS Bidding War Heats Up: In a battle for talent, RaaS startups are offering lucrative deals. Medusa, a midmarket group, targets former ALPHV and LockBit affiliates with a revenue share model starting at 70/30 and skyrocketing to 90/10 for million-dollar ransoms. They also provide 24/7 support, aiming to be a one-stop shop for affiliates.
RansomHub: Trust Us, We’re Ransomware: Rising quickly, RansomHub offers a generous 90/10 split and allows collaboration with other groups. Interestingly, they claim a code of conduct, refusing to target non-profits and specific countries including the Commonwealth of Independent States (alliance of some ex-Soviet states), Cuba, North Korea, and China. However, public pronouncements in the ransomware world are often unreliable.
About Bitdefender Threat Debrief
The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing threat news, trends, and research from the previous month. Don’t miss the next BDTD release, subscribe to the Business Insights blog, and follow us on Twitter. You can find all previous debriefs here.
Bitdefender provides cybersecurity solutions and advanced threat protection to hundreds of millions of endpoints worldwide. More than 180 technology brands have licensed and added Bitdefender technology to their product or service offerings. This vast OEM ecosystem complements telemetry data already collected from our business and consumer solutions. To give you some idea of the scale, Bitdefender Labs discover 400+ new threats each minute and validate 30 billion threat queries daily. This gives us one of the industry’s most extensive real-time views of the evolving threat landscape.
___
Content curated by the team of COMPUTER 2000 on the basis of news in reputable media and marketing materials provided by our partners, companies, and other vendors.