KrebsOnSecurity discusses the Conti ransomware gang's decision to sell either victims' data or access to victims' networks. The communiqué (or threat) Conti posted is ambiguous with respect to what, precisely, is being offered for sale, but whatever the case may be, Conti hopes to punish uncooperative victims. Publicly naming the companies whose access one hopes to sell would seem to be self-defeating. Emsisoft speculated to KrebsOnSecurity that Conti may be considering an exit.
Conti's shift in strategy comes days after the gang issued a self-righteous and puerile valediction for REvil, taken down last week by a coordinated international law enforcement action. In Vice's account, Conti argues that ransomware is good, somehow, but their argument amounts to little more than an implausible tu quoque: the US, you see, is really pushing ransomware when it takes down criminal servers, which we suppose is one way of looking at it.
Other ransomware operators are exploiting known vulnerabilities in BillQuick billing software to distribute ransomware, BleepingComputer reports. Huntress has an account of the vulnerabilities; reports indicate that some are fixed, while fixes are in progress for others.
Emsisoft has been able to take advantage of slovenly coding by the BlackMatter ransomware gang to damage the gang's operations by enabling victims to recover files without paying ransom.
Mandiant, which has been tracking software supply chain attacks of the kind Microsoft announced with such éclat at the beginning of the week, has offered advice on how organizations can remediate attacks and harden their systems against the threat.