Online trust and identity management giant Entrust suffered a security breach by a notorious ransomware gang that exfiltrated files from the company’s internal network.
Since June, some ransomware gangs have begun incorporating search functions into their data leak sites, making stolen data more accessible to put added pressure on victims.
LockBit may have wanted to the hit the headlines following a Mandiant report linking them to Evil Corp, which would mean lost revenue due to US government sanctions.
It is unclear if the website defacement with ransom notes signals a broader trend, but ransomware gangs have been known to change and evolve their tactics over time.
Leveraging the Hancitor malware, the ransomware gang earned $43.9 m after compromising 49 critical infrastructure entities in finance, government, healthcare, manufacturing, and IT.
The US authorities offered a $10 million reward for information to identify or locate REvil and DarkSide ransomware gang leaders, and $5 million for their affiliates preparing attacks.
After its infrastructure went offline in October, there was widespread speculation that the REvil ransomware group was done for good. The likelihood of that increased with last week's apprehension of affiliates along with the seizure of $6.1 million.
BlackMatter ransomware gang rose to prominence in the criminal underworld this summer after competitors such as DarkSide and REvil fell by the wayside. The upstart group now appears to have suffered the same fate.
Collaborative international law enforcement effort appears to have at least temporarily crippled the notorious REvil ransomware gang, taking the group's Tor sites and dark web infrastructure off the internet and putting it beyond reach.
Ransomware gangs regularly add new tactics and twists to their playbooks to increase pressure on victims. The latest development comes from the Ragnar Locker group, who are now threatening to publish sensitive information if the victim even makes contact with authorities.
