New ransomware-as-a-service (RaaS) programs were discovered during this month’s threat alerts. One of them claimed to be a successor to both DarkSide and REvil. These two notorious ransomware groups attacked Colonial Pipeline and Kaseya in the past. If you’ve been attacked by a major group, you should go offline. Several months.
“The project has incorporated the best features of DarkSide, REvil, and LockBit into its architecture,” the group’s operator stated on its dark web blog, promising not to target healthcare, critical infrastructure, oil and gas, national defense, non-profits, and government agencies.
On July 19, BlackMatter, a threat actor, registered an account on the Russian XSS and Exploit forums, then posted a message there stating their intention to purchase a pair of hosts and 15,000. Infected networks are located in the U.S., Canada, Australia, and the United Kingdom; annual revenues are over $100 million, which may indicate a ransomware operation of broad scope.
Their escrow account was credited with 4 BTC (approximately $150,000). According to Flashpoint researchers, large deposits on the forum are indicative of the seriousness of the threat actor.
Despite the fact that BlackMatter claims that they are collective ransomware operators, they haven’t publicly stated that. Although the language they use and the targets they mention clearly characterize them as collective ransomware operators, technically, this does not violate the forum’s rules.”
Using the Jabber server on the Exploit forum, the organization reportedly started actively recruiting affiliates and partners on July 27. Apparently they are looking for penetration testers with experience in Windows and Linux systems. Employees sell their visits to the provider for a certain percentage of profit when they first visit.
According to Proofpoint, ransomware groups increasingly purchase access from independent cybercriminals who infiltrate their main targets and provide them with an entry point to steal and encrypt data, and to gain illicit profits by selling data.