So much for darkened servers at the headquarters of DarkSide or REvil ransomware groups. Turns out, we’ve got either their rebranded versions or two new ransomware gangs to contend with. The first new group to appear this month was Haron, and the second is named BlackMatter. As Ars Technica‘s Dan Goodin points out, there may be more still out there. They’re both claiming to be focused on targets with deep pockets that can pay ransoms in the millions of dollars. They’re also virtue-signaling a la DarkSide, with similar language about sparing hospitals, critical infrastructure, nonprofits, etc. BlackMatter also promised free decryption if its affiliates screw up and kill kittens or freeze files at, say, pipeline companies, as happened when Colonial Pipeline was attacked by DarkSide in May. Haron & Its Cut-and-Paste Ransom Note The first sample of the Haron malware was submitted to VirusTotal on July 19. Three days later, the South Korean security firm S2W Lab reported on the group in a post that laid out similarities between Haron and Avaddon. Avaddon is yet another prolific ransomware-as-a-service (RaaS) provider that evaporated in June rather than face the legal heat that followed Colonial Pipeline and other big ransomware attacks. At the time, Avaddon released its decryption keys to BleepingComputer – 2,934 in total – with each key belonging to an individual victim. According to law enforcement, the average extortion fee Avaddon demanded was about $40,000, meaning the…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-07-28 14:33:002021-07-28 14:33:00New Ransomware Gangs Haron & BlackMatter Are After Fat Cats
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org