Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.

Head Mare: adventures of a unicorn in Russia and Belarus

Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore.

Ransomware group claims 2.5 terabytes of stolen data less than a month after emerging online

A new cybercrime outfit calling itself RA GROUP is just the latest to take advantage of leaked Babuk ransomware source code.

The post Ransomware group claims 2.5 terabytes of stolen data less than a month after emerging online appeared first on CyberScoop.

Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists.

In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”

The ‘Groove’ Ransomware Gang Was a Hoax

A number of publications in September warned about the emergence of “Groove,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists.

Free decryption tools for AtomSilo, Babuk, and LockFire ransomware released by Avast

There is some more good news for those who have fallen foul of ransomware.

Czech security firm Avast has developed decryption utilities for victims of not one, not two, but three different ransomware strains – meaning that victims who have been hit …

Groove ransomware gang is a motley crew of disgruntled hackers, researchers say

Another new ransomware gang is making waves with an unconventional structure, its unique pedigree and an early victim. A coalition of researchers on Thursday explained what makes Groove, a gang that quietly emerged in July with a website, different: Namely, it eschews the traditional ransomware-as-a-service hierarchy in favor of an opportunistic pledge that they’ll work with anyone as long as there’s money to be made. The researchers — from McAfee, Intel 471 and Coveware — traced the group’s origins to a likely split with the Babuk gang, part of a trend of turmoil within extortion groups that use the ransomware-as-a-service (RaaS) model where affiliates get to use an outfit’s malware in exchange for sharing profits. For instance, a disgruntled former Conti affiliate recently leaked the group’s attack playbook. Already, there’s evidence the researchers uncovered that Groove has worked with another ransomware gang, BlackMatter, that likewise recently emerged. That group is […]

The post Groove ransomware gang is a motley crew of disgruntled hackers, researchers say appeared first on CyberScoop.

Why RaaS Has Become Easier to Launch

Straight from the researchers at Intel 471 comes this pro tip for cybersecurity teams inside organizations: Being proactive about what the cybercriminal underground is learning and how it’s behaving can help you pinpoint solutions for your secur…