
The Cyber Security News


Ransom Cartel Linked to Russia-Based REvil Ransomware Group

October 17, 2022

The group behind the ransomware-as-a-service (RaaS) operation known as Ransom Cartel has been linked to the infamous REvil gang.

The claims come from Palo Alto Networks’ security research team Unit 42, which shared a new technical write-up about Ransom Cartel with Infosecurity over the weekend.

According to the advisory, the REvil ransomware stopped operating about two months before Ransom Cartel made its debut and just one month after 14 of its alleged associates were arrested in Russia.


“When Ransom Cartel first appeared, it was unclear whether it was a rebrand of REvil or an unrelated threat actor who reused or mimicked REvil ransomware code,” Unit 42 wrote.

However, over time, the link became clearer, primarily through the tools used by both threat actors.

“While Ransom Cartel uses double extortion and some of the same [tactics, techniques and procedures] TTPs we normally observe during ransomware attacks, this type of ransomware uses less common tools – DonPAPI, for example – that we have not observed in any other ransomware attacks.”

Based on their investigation, the security researchers also observed that the Ransom Cartel operators have access to the original REvil ransomware source code but probably do not possess the obfuscation engine used to encrypt strings and hide API calls.

“We speculate that the operators of Ransom Cartel had a relationship with the REvil group at one point before starting their own operation,” the advisory reads.

“Due to the high-profile nature of some organizations targeted by Ransom Cartel and the continual stream of Ransom Cartel cases identified by Unit 42, the operator and/or affiliates behind the ransomware will likely continue to attack and extort organizations,” warned the security experts.

To protect their systems from Ransom Cartel attacks, Unit 42 called for companies to deploy anti-ransomware software and to review the indicators of compromise for the threat, which are available in the advisory’s original text.

Its publication comes amid a definite increase in ransomware attacks and their financial impact on companies around the world, as suggested by a new report by Acronis.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
