![]() Ransomware has been more-or-less feature complete for a number of years, and most RaaS offerings have very similar capabilities. ![]() Most software, even malware, trends towards "feature completeness"-a point where adding new features adds little, if anything, to its usefulness. The resurgent KaraKurt extortion group has a new leak site Trends The leak site disappeared on June 22, 2022, and remains down. Malwarebytes Threat Intelligence was able to independently confirm that Conti sent an internal announcement about its retirement to affiliates at the end of May, and that its internal chat servers stopped working around the same time. When the group's revenue dried up its leaders allegedly hatched a plot to retire the brand by dispersing its members into other ransomware gangs like BlackBasta, BlackByte, KaraKurt, Hive and ALPHV, and then faking its own death. As we reported in last month's ransomware review, detailed research by Advintel in May suggested that the gang's alignment with the Russian state in February had caused victims' lawyers to warn against paying it ransoms, for fear of breaking sanctions. ContiĪs expected, the last public vestige of the Conti ransomware gang, its leak site, disappeared in June, after a few weeks of inactivity. However, if it does intend to use bug bounties it improve its software and sharpen its approach then it could deprive law enforcement and security researchers of valuable tools and information. If all it wanted from the announcement was to drum up some publicity, it has already succeeded. Whether the group seriously intends to pay out these sums remains to be seen. The amount of remuneration varies from $1000 to $1 million. We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The gang launched LockBit 3.0, along with a new dark web site, and a bug bounty program promising rewards of up to $1 million for finding bugs in its website and software, submitting brilliant ideas, or successfully doxing the head of the gang's affiliate program. Unusually, LockBit hit the headlines in June with some obvious publicity seeking. Attracting the attention of the three-letter agencies in Russia and the USA is simply bad for business. Out of an abundance of self interest, ransomware has always conspicuously avoided attacking targets in Russia and the Commonwealth of Independent States, for example. ![]() ![]() This risk averse approach is nothing new. It is this combination of attractiveness to affiliates and an ability to avoid costly mistakes that seems to be behind its success this year. Affiliates are asked "if you do not find one of your favorite features, please inform us," and told that "it is very important for us to know about all our strengths and weaknesses." It says "we have never cheated anyone and always fulfill our agreements. Thereafter the page is peppered with people-pleasing language designed to signal the gang's trustworthiness and willingness to listen. We are located in the Netherlands, completely apolitical and only interested in money. Its affiliate page begins with a statement that seems designed to contrast it with its noisy Russian rival: Attacks are carried out by affiliates ("pen testers") who pay the LockBit organization 20 percent of the ransoms they receive in return for using its software and services.Īnd while some ransomware gangs seem to want to tell the world what they think, and how great they are, LockBit seems to care more about what its users think. Like all the ransomware in our review, LockBit is offered in the form of ransomware-as-a-service (RaaS). While Conti-“the costliest strain of ransomware ever documented,” according to the FBI-has spent 2022 making noisy pronouncements and digging itself out of a hole of its own making with a hair-brained scheme to fake its own death, LockBit has been all business. Although there were fewer victims on its leak site in June than in May, it was still far ahead of its competition. Without fanfare, LockBit has become the dominant force in ransomware this year. Known ransomware attacks by industry sector, June 2022 LockBit
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |