With all the ransomware activity in recent weeks, there is no shortage of developments and disclosures - from more ransomware groups claiming to call it quits to less-discussed facets of ransomware negotiations. If you haven’t experienced a ransomware incident, it is prudent to keep up with current developments and considerations to potentially include in your ransomware response planning. Some of the more significant developments last week include:
Ransomware Roulette – Cybersecurity journalist Kim Zetter interviews Bill Siegel, CEO of ransomware response firm Coveware. Bill answers questions about why some organizations decide to pay, such as cost per hour of downtime, integrity of backups, and time to restore without paying. He also explains why European firms don’t seem to pay as much in ransoms, citing a higher tolerance for downtime and more willingness to use tape backups than U.S. organizations. Read more at Zetter’s Zero Day Blog.
Avaddon Claims to Call it Quits – On Friday, the group responsible for the Avaddon ransomware reportedly shut down and provided BleepingComputer.com with nearly 3000 decryption keys for its victims. Avaddon has been around since June 2020 and became one of the prominent ransomware groups. Among its victims is EFCO (www[.]efcoforms[.]com), a water and wastewater sector contractor (originally reported in the Security & Resilience Update for August 25, 2020). Read more at Bleeping Computer.
Ransomware Exploits Old SonicWall Vulnerability – Ransomware attackers are leveraging an old SQL injection vulnerability (CVE-2019-7481) found in unsupported SonicWall Secure Remote Access (SRA) 4600 devices running firmware versions 8.x and 9.x. The SonicWall SRA 4600 devices were no longer supported as of November 2019. According to CrowdStrike, a cyber crime group is actively exploiting the flaw. Read more at HelpNetSecurity.
FBI Still Discourages Ransomware Payments – Even though organizations have made payments, FBI Director Christopher Wray told members of the House Judiciary Committee on Thursday that the bureau still discourages ransomware payments. Read more at SecurityWeek.
The Week in Ransomware for June 11, 2021 – In case we missed anything above, for more of the past week’s biggest ransomware developments, check out Bleeping Computer’s weekly series.