Claims of ties between ransomware groups met with skepticism among threat researchers

Cyber chatter flowed on Twitter today after a researcher who goes by the handle @pancak3lullz posted about claims from the ransomware gang REvil that EvilCorp and Maze are essentially one team operated by eight people with ties to the Russian government.

While attention-grabbing, should rank-and-file security professionals even care about this kind of talk?

Probably not in terms of defense practices, said Rick Holland, chief information security officer and vice president of strategy at Digital Shadows, who agreed that while attributing well-known ransomware groups is as intriguing as it is difficult, for the vast majority of enterprise defenders it’s mostly a distraction.

“Your defenses don’t radically change whether you are up against a traditional cybercriminal or a state-affiliated one,” Holland said. “Patching known vulnerabilities, enabling multi-factor authentication, and disabling macros will go a long way no matter the threat du jour.”

Joe Slowik, senior security researcher at DomainTools, warned that until substantiated, claims of a link between the two groups should be treated with extreme skepticism.

“Overall, short of having direct access to adversary infrastructure communications, or operational planning, it is really difficult to ‘pinpoint’ such groups, especially as ransomware operations increasingly break down into many ‘teams’ providing access, services, and tools to each other,” he said.

Just as some question the validity of supposed ties between the groups, or association with Russia’s Federal Counterintelligence Services, some see the claims as a possible red herring.

“Personally, I think it is all a ploy to create distraction from legitimate investigative work on the subject and more darknet drama around an already anxiety-fueled darknet commodity,” said Mark Turnage, CEO of DarkOwl.

Open source reporting from December 2019 connected EvilCorp to Maxim Yakubets, and the federal government issued indictments for Yakubets and other leading members of the EvilCorp hacking group, assessed to be heavily protected by the Russian government. Nonetheless, Tor and similar decentralized networks that protect the originating IP address of their users make deanonymization of individual users extremely challenging.

What is clear, however, is that groups within the community periodically dismantle or reincarnate with new branding and personas.

“There’s no question that many of the groups are working together,” Turnage said. “But to what extent they are all one and the same is left to be discovered.”