CyberWire Daily

Encore: When big ransomware goes away, where should affiliates go? [Research Saturday]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.61K Ratings

🗓️ 1 January 2022

⏱️ 16 minutes

Summary

Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42’s commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future. Doel discusses these (AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0) with Dave. The research can be found here: Ransomware Groups to Watch: Emerging Threats

Transcript

0:00.0

Hello everyone and welcome to the CyberWire's Research Saturday.

0:10.0

I'm Dave Bittner and this is our weekly conversation with researchers and analysts

0:15.0

tracking down threats and vulnerabilities, solving some of the hard problems of

0:19.4

protecting ourselves in a rapidly evolving cyberspace.

0:23.0

Thanks for joining us.

0:25.0

The initial thought of this was, when big ransomware, say REvil, DarkSide, and others, go away,

0:39.0

if I'm an affiliate, where should I go, right?

0:42.0

And that evolution of trying to keep track of these

0:44.9

ransomware families that are now trying to get a piece of that cake. That's

0:49.6

Doel Santos. He's a threat intelligence analyst at Palo Alto Networks Unit 42.

0:55.5

The research we're discussing today is titled "Ransomware Groups to Watch: Emerging Threats." Well, let's go through it together. I mean, there are four main groups that you highlight

1:20.8

here. Can we start off just by listing who did we cover in this report?

1:24.8

Sure, yeah, and this week in this particular report I selected AvosLocker,

1:30.1

Hive Leaks, LockBit 2.0, and HelloKitty, that's part of the initial part of the report.

1:36.0

Well, let's go through them together one at a time and point out some of the specifics about each group.

1:42.8

Why don't we start with AvosLocker?

1:44.6

Yeah, AvosLocker is quite interesting.

1:47.0

The way that I stumbled across this ransomware

1:49.6

was taking a look at a dark web discussion forum called Dread.

1:54.8

For those who don't know, Dread is similar to Reddit

1:58.1

of the dark web.

1:59.2

Some people post news, post information over there.

...

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.