The Reaper botnet is still quiescent (for now, at least), but the security sector is keeping a weather eye out for the expected storm. (Ixia has advice for those interested in storm preparation.)
Most attention today, however, has gone to BadRabbit. Experts are increasingly convinced that it’s the work of the same threat actors responsible for NotPetya. The consequences of NotPetya were so heavy that BadRabbit is being watched with considerable concern.
FireEye, ESET, Avira, McAfee and others have noticed something interesting. The servers and sites BadRabbit's controllers used seem to have shut down after just a few hours of activity. The controllers appear to have taken down their own infrastructure. Why they might have done so is a matter of conjecture.
Other ransomware remains active. Iran's Computer Emergency Response Team Coordination Center reports that variants of Tyrant ransomware are circulating in that country. Comodo has been tracking what it characterizes as a fourth wave of IKARUS ransomware using the "Asasin" (sic) file extension. And PhishMe notes that Sage ransomware has assumed a more convincing form, with a more "engaging" user interface and easier payment options.
The US Senate has moved closer to enacting a version of Section 702 surveillance authority for NSA.
Kaspersky Lab's transparency and charm counteroffensive may have hit a bump. The company acknowledged that its security software did indeed scoop up some NSA tools (from a machine that should never have had them in the first place). They say they promptly deleted the sensitive files.