Claims of ties between ransomware groups met with skepticism among threat researchers | SC Media

Claims of ties between ransomware groups met with skepticism among threat researchers | SC Media

Cyber chatter flowed on Twitter today after a researcher, who goes by the handle @pancak3lullz, posted about claims from ransomware gang REvil that EvilCorp and Maze are actually one group operated by eight people with ties to the Russia government.


While interesting, should rank-and-file security pros even care about this kind of talk?


Probably not in terms of defense tactics, said Rick Holland, chief information security officer and vice president of strategy at Digital Shadows, who agreed that while defining attribution to prominent ransomware groups is as intriguing as it is challenging, for the majority of enterprise defenders, it’s largely a distraction.


“Your defenses don’t dramatically change whether you are up against a traditional cybercriminal or state-affiliated one,” Holland said. “Patching known vulnerabilities, enabling multi-factor authentication, and disabling macros will go a long way no matter the threat de jour.”


Joe Slowick, senior security researcher at DomainTools, warned that until substantiated, claims of a link between the two groups should be treated with extreme skepticism.


“Overall, short of having direct access to adversary infrastructure communications, or operational planning, it’s ..

Support the originator by clicking the read the rest link below.