July has so far ushered in at least two new ransomware groups. Or maybe they’re old ones undergoing a rebranding. Researchers are in the process of running down several different theories.
Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of dollars. The additions come as recent ransomware intrusions of oil pipeline operator Colonial Pipeline, meat packer JBS SA, and managed network provider Kaseya have caused major disruptions and created pressure in Washington to curb the threats.
Haron: like Avaddon. Or maybe not
The first group is calling itself Haron. A sample of the Haron malware was first submitted to VirusTotal on July 19. Three days later, South Korean security firm S2W Lab discussed the group in a post.