This new ransomware group is targeting big businesses - here's what you need to know

A new ransomware threat actor has been detected targeting big businesses in hopes of equally large payouts. Cybersecurity researchers fro...

A new ransomware threat actor has been detected targeting big businesses in hopes of equally large payouts.

Cybersecurity researchers from Talos uncovered a threat actor called RA Group which kicked off its operations in April 2023 using the Babuk source code, which was previously leaked, apparently by one of its former members. 

So far, the group has successfully attacked three organizations in the US, and one in South Korea. It doesn’t seem to have an industry preference, as the victims were in manufacturing, wealth management, insurance, and pharmacy.

Personalized ransom notes

There’s nothing particularly unique about RA Group. It launches double extortion attacks, stealing sensitive data as it encrypts the systems, in hopes of motivating the victims to pay the ransom demand. Its website seems to be a work in progress, as the group is still making cosmetic changes. When it leaks the data, it discoses the name of the victim, a list of the stolen data, the total size, and the victim’s website. 

The ransom note is personalized for each individual victim, the researchers added, claiming this, too, is standard practice among ransomware threat actors. What isn’t standard practice, however, is naming the victims in the executables, as well.

The malware encrypts only parts of files, in order to move faster. After the encryption is complete, the files get the .GAGUP extension. The ransomware then deletes everything in the Bin with the API SHEmptyRecyclebinA, as well as volume shadow copy by executing the local Windows binary vssadmin.exe, an administrative tool used to manipulate shadow copies.

The ransomware does not encrypt all files, though. Some are left accessible so that the victims can contact the group easier. The non-encrypted files are necessary for the victims to download the qTox application, used to reach out to the attackers.



from TechRadar - All the latest technology news https://ift.tt/TD7oNP6
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: This new ransomware group is targeting big businesses - here's what you need to know
This new ransomware group is targeting big businesses - here's what you need to know
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/05/this-new-ransomware-group-is-targeting.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/05/this-new-ransomware-group-is-targeting.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy