Iran continues its efforts to recover from an apparent cyberattack that crippled subsidized distribution of gasoline throughout the country, SecurityWeek reports. As of yesterday, only two-hundred-twenty of the forty-three-hundred filling stations normally connected to the discounted fuel network had been reconnected. About three-thousand stations are able to sell fuel offline at unsubsidized market prices. Tehran has blamed an unspecified foreign government for the disruption, but, according to the BBC, another party, a nominally hacktivist opposition group calling itself "Predatory Sparrow," has claimed responsibility. People claiming to represent the same group also said they were involved with the disruptions of Iran's passenger rail service earlier this year, but it's too early to consider anything "Predatory Sparrow" claims as authoritative for attribution purposes.
German authorities tell BR24 that they've identified the criminal kingpin of the once-and-future REvil gang. He goes by the nom-de-hack "Nikolay K." and represents himself online as a cryptocurrency trader. Prosecutors have obtained an arrest warrant, but Nikolay K. is at large in Russia and unlikely to face German justice.
The White House has published a Strategic Intent Statement for the Office of the National Cyber Director.
CSO reviews the Conti ransomware gang. For all of its preening Robin-Hood schtick, Conti is even less likely than other criminal organizations to restore victims' files or keep promises to not release stolen data. (And the other criminal organizations, remember, set a pretty low bar of good behavior.)
Bravo, Avast: the company is making decryptors available for ransomware strains including AtomSilo, Babuk, and LockFile.