The new “BlackMatter”, “Haron”, and “El_Cometa” ransomware groups, which surfaced in the past three weeks, bear significant similarities to ransomware groups that disappeared last month. In addition, “Babuk” and “Lockbit” have returned to the scene as “2.0” versions of their original groups. Both phenomena point to a rebranding effort of ransomware operators―some claiming significant advancements in capability and technical sophistication. The rebranding trend likely represents the completion of a ransomware development cycle, which is often observed after groups cease attacks, and will probably bring new ransomware operations. In general, an increase in ransomware activity against all sectors and geographies is likely over the short-term future (one to three months), coinciding with the emergence of new (or rebranded) ransomware groups.
Most Recent Flipbooks
Weekly Intelligence Summary 3rd Dec
Success of UK security bill depends on Internet of Things users
Weekly Intelligence Summary 27th August
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.
Weekly Intelligence Summary 20th August
A configurable, malicious Traffic Direction System (TDS) has been enabling widespread malware attacks.
Weekly Intelligence Summary 13th August
A years-long reconnaissance campaign against an employee of a US aerospace defense company was discovered and attributed to “TA456”, an Iranian state-backed advanced persistent threat (APT) group.