The ups and downs of ransomware software development

Threat actors constantly change their malware and tactics to evade the defences that anti-virus and other security vendors ship. So it is no surprise that malware receives patches and updates too:

Colonial Pipeline hackers add startling new capabilities to ransomware operation – The Record by Recorded Future

This upgrade to the BlackCat/ALPHV ransomware improves its ability to carry out double extortion: the gang encrypts your information and also exfiltrates a copy from your servers to theirs. From there they can threaten to release your secrets on the Dark Web or into the public domain unless you pay.

A ransomware-resilient back-up deals with the encryption half of the attack, but it does nothing about the theft and release of confidential information. A back-up cannot un-publish stolen data, so that half needs different measures, such as segregating sensitive information and limiting who and what can reach it, and those measures have to be in place before the cyber incident, not after.

On the other hand, here is a cyber security threat that every legitimate organisation faces, the insider threat, this time turned against the threat actors themselves. A disgruntled developer has leaked the builder for the LockBit ransomware (the tool used to generate the ransomware payloads) into the public domain.

LockBit ransomware builder leaked online by “angry developer” (bleepingcomputer.com)

This will be a real bonus for the security vendors mentioned earlier. Knowing the technical details of how the ransomware is built and how it behaves will help the vendors build better protections for us.

However, it also means other hacking groups can take the leaked builder, improve on it, or simply use it as-is to start their own ransomware campaigns!

I told you this was a post with ups and downs in it…

Clive Catton MSc (Cyber Security) – by-line and other articles
