Notable Q3 Ransomware Trends and Campaigns
Trellix saw the resurgence of the DarkSide ransomware group under the name BlackMatter, despite that group’s claim to have stopped operating, Raj Samani said.
“In using many of the same modus operandi that DarkSide used in the Colonial Pipeline attack, BlackMatter continued to leverage the double extortion approach, threatening to reveal data of victims unless a ransom is paid,” he said. “Notably we are also seeing new groups pop up — maybe not new groups, but certainly new variants. Most recently we have been tracking BlackCat, which is a capable threat group leveraging triple extortion tactics. These groups are finding new ways to extort more money from victims.”
REvil/Sodinokibi claimed responsibility for successfully infecting more than 1 million users through a ransomware attack on Kaseya VSA. REvil’s reported ransom demand of $70 million was the largest publicly known ransom amount to date. The results of the attack included the forced closing of hundreds of supermarket stores for several days.
LockBit 2.0 surfaced in July 2021 and eventually listed more than 200 victims on its data-leak site.