Another Ransomware Roundup – June 17, 2020

There is still no shortage of ransomware posts this week. Here are a few of the more notables:

But for the Grace of Backups. Backups are great, but their effectiveness to enable restoration after a ransomware attack depends on a number of factors, such as the integrity of the backups (have they been tested/validated), the availability of the backups (if you keep a copy offline), or even the availability of the backup system used to restore (if the attacker found and encrypted/destroyed the backup system too). Check out SC Magazine for why backups are not the panacea for recovery from a ransomware attack.

It’s Time to Rachet-Up Ransomware Resilience. Mimecast takes a look at organizations investing more in cybersecurity to help combat ransomware. Check out mimecast to see how these organizations are stepping up their game.

Even Linux isn’t Safe from Ransomware. TrendMicro recently discovered ransomware using bash scripts targeting Linux distributions, they have dubbed this activity DarkRadiation. Upon investigating, they found the attack chain is fully implemented as a bash script, with perhaps more scripts to come. TrendMicro has seen bash scripts for Red Hat, CentOS, and Debian-based Linux distributions. Members are encouraged to send this article from TrendMicro to your Linux system administrators.

DARKSIDE Affiliates May Still be Active. Mandiant outlines activity from DARKSIDE affiliate UNC2465 days after the publicly reported shutdown of the overall DARKSIDE program. Mandiant believes that affiliate groups that have conducted DARKSIDE intrusions may use multiple ransomware affiliate programs and can switch between them at will. Read more at Fireeye.