1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This new ransomware group is targeting big businesses - here's wh

    From TechnologyDaily@1337:1/100 to All on Tue May 16 19:15:04 2023
    This new ransomware group is targeting big businesses - here's what you need to know

    Date:
    Tue, 16 May 2023 18:01:32 +0000

    Description:
    RA Group is targeting big firms in the US and South Korea with ransomware
    from a leaked source code.

    FULL STORY ======================================================================

    A new ransomware threat actor has been detected targeting big businesses in hopes of equally large payouts.

    Cybersecurity researchers from Talos uncovered a threat actor called RA Group which kicked off its operations in April 2023 using the Babuk source code, which was previously leaked, apparently by one of its former members.

    So far, the group has successfully attacked three organizations in the US,
    and one in South Korea. It doesnt seem to have an industry preference, as the victims were in manufacturing, wealth management, insurance, and pharmacy. Personalized ransom notes

    Theres nothing particularly unique about RA Group. It launches double extortion attacks, stealing sensitive data as it encrypts the systems, in hopes of motivating the victims to pay the ransom demand. Its website seems
    to be a work in progress, as the group is still making cosmetic changes. When it leaks the data, it discoses the name of the victim, a list of the stolen data, the total size, and the victims website.

    The ransom note is personalized for each individual victim, the researchers added, claiming this, too, is standard practice among ransomware threat actors. What isnt standard practice, however, is naming the victims in the executables, as well. Read more

    Hitachi Energy confirms data breach after being hit by Clop ransomware


    Hatch Bank says 140,000 customers had data stolen after breach


    Here's our rundown of the best ID theft protection out there

    The malware encrypts only parts of files, in order to move faster. After the encryption is complete, the files get the .GAGUP extension. The ransomware then deletes everything in the Bin with the API SHEmptyRecyclebinA, as well
    as volume shadow copy by executing the local Windows binary vssadmin.exe, an administrative tool used to manipulate shadow copies.

    The ransomware does not encrypt all files, though. Some are left accessible
    so that the victims can contact the group easier. The non-encrypted files are necessary for the victims to download the qTox application, used to reach out to the attackers. These are the best malware removal tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-new-ransomware-group-is-targeting-big-busi nesses-heres-what-you-need-to-know


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)