In the ever-shifting ransomware landscape, we saw new ransomware gangs emerge, threat actors return from a long absence, operations shifting extortion tactics, and a flurry of attacks on the enterprise.
Over the past few weeks, we have reported on new ransomware operations that have emerged in enterprise attacks, including the new
Cactus,
Akira,
RA Group operations.
This week a relatively new operation named Abyss hit L3Harris, a $17 billion defense company, shifting them into the spotlight.
We also
learned about MalasLocker, a ransomware operation targeting Zimbra servers since March. The hackers also have an unusual extortion tactic, demanding victims donate to an approved charity to receive a decryptor and prevent a data leak.
Whether or not the ransomware gang will keep to the arrangement or if this is just an interesting marketing campaign is too soon to tell.
As for shifting extortion tactics, a joint FBI and CISA report confirmed that the BianLian ransomware operation has
switched to extortion-only attacks after Avast released a decryptor.
We also learned about new attacks and significant developments in previous ones:
Finally, researchers and law enforcement released new reports:
