At a glance.
- A look at the Darkside ransomware gang.
- FBI warns that ransomware attacks on schools are up.
- REvil ransomware hits Acer.
- California state employee exposes Atascadero State Hospital COVID-19 data.
- Trojan impersonates Clubhouse app.
Take a walk on the Darkside.
After examining several recent campaigns, researchers at Varonis offer a detailed look at the techniques of the ransomware group Darkside. Since first emerging as a ransomware-as-a-service (RaaS) operation in 2020, the group has made a name for itself with campaigns that display in-depth knowledge of its victims’ technological weaknesses. Reverse engineering shows that the group avoids attacking Russia-based institutions, and its members have publicly stated that they steer clear of hospitals, schools, and governments, opting to focus on larger, more lucrative organizations. What makes their operation unique is their focus on stealth strategies, like establishing command and control routed through Tor, deleting log files, and using customized code and connection hosts for each target. Their methods demonstrate the need for organizations to protect themselves by using multi-factor authentication, diligently patching vulnerabilities, and limiting employee access to sensitive data.
Caleb Barlow, CEO of CynergisTek, offers commentary on the recent story about a California state employee exposing the COVID-19 test and tracking data of more than two thousand people.