The July 2021 Ransomware Round-Up from Tetra Defense is now available. Compiled by our own cyber threat analysts, incident response investigations, and what dark web shame websites (operated by threat actors themselves) are reporting, learn the latest threat activity observed in July.
For our third installment of the ransomware round-up, we offer a breakdown of summer activity coming from threat actor groups, directly observed from their dark web shame websites.
In July 2021 Tetra Defense observed 176 publicly disclosed ransomware attacks, up slightly from 171 in June. July also saw the cessation of one of the most prolific ransomware groups, Sodinokibi (REvil), following a large-scale attack on IT solutions provider, Kaseya. This comes after the dissolution of Avaddon in June and Darkside in May. Several new groups emerged in the month of July including AvosLocker, [email protected], Haron, and BlackMatter. In addition, a few established groups reprised, most notably Lockbit 2.0 which was July’s most active ransomware group as measured by public posts on its dark web leak site.
To learn more about these groups, download the full report here.