Lots of Scarab, Matrix, and Dharma variants this week as well as some good writeups on the GandCrab ransomware. Also of interest is ESET publishing of their report that ties NotPetya and Industroyer to the TeleBots Group.
It has been a very slow week for ransomware, which we are always happy about. While ransomware will never go away completely, as time goes on, more people become educated, and better backup strategies are created, we continue to see ransomware slowly diminishing.
The United States has imposed sanctions against Russian entities for the NotPetya ransomware outbreak, cyber-attacks on the US power grid, and their attempts to influence the 2016 US presidential election process.
All the countries part of the Five Eyes intelligence-sharing alliance — the US, the UK, Canada, Australia, and New Zealand— have made formal statements accusing the Russian Federation of orchestrating the NotPetya ransomware outbreak.
The biggest news this week is the UK formally attributing NotPetya to Russian attackers. Also if interest this week is the release of the Saturn Ransomware, which has a more organized feel compared to other ransomware distributions currently being distributed
The UK has become the first major Western country to formally accuse the Russian military of orchestrating and launching the NotPetya ransomware outbreak.
The world's largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017.
Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware.
Ukrainian authorities have arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on accusations of distributing a version of the NotPetya ransomware.
It has been a week heavily dominated by GlobeImposter variants being released here and there and smaller ransomware variants with little or no distribution. We also saw news about companies still being affected by the NotPetya attack.
The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.
US pharmaceutics giant Merck was severely affected by the NotPetya ransomware outbreak that took place at the end of June, and the company is still struggling to restore all systems and resume normal operations, according to an 8-K report filed with the US Securities and Exchange Commission (SEC).
US-based and international courier delivery service FedEx admitted on Monday that some of its systems were significantly affected by the NotPetya ransomware, and some of the damage may be permanent.
Been a great week for victims, with decryptors coming out for BTCWare, Cryptomix, Executioner, and the release of the original Petya key. Otherwise, it has been a lot of NotPetya news and numerous smaller variants being released.
The author of the original Petya ransomware — a person/group going by the name of Janus Cybercrime Solutions — has released the master decryption key of all past Petya versions.
Servers and infrastructure belonging to Intellect Service, the company behind the M.E.Doc accounting software, were grossly mismanaged, being left without updates since 2013, and getting backdoored on three separate occasions during the past three months.
The person or group behind the NotPetya ransomware has made its first move since the outbreak that took place eight days ago.
Ukrainian Police announced today it seized the servers from where the NotPetya ransomware outbreak first started to spread.
On Friday, three cyber-security firms have come forward with reports or statements that link the NotPetya ransomware outbreak to a cyber-espionage group known for a large number of past cyber-attacks, such as the one on Ukraine's power grid in December 2015.
It has been another crazy week when it comes to ransomware due to the NotPetya outbreak. This ransomware/destructive malware played havok all over the world, but especially the Ukraine, when it was unleashed on Tuesday. Other than that, the rest of the ransomware news was basically small variants being developed or released.