News, 18.10.2022, 10:00 AM
The team behind the Ransom Cartel ransomware-as-a-service (RaaS) operation is linked to the notorious REvil gang. That is the assessment of researchers at Palo Alto Networks Unit 42, who note that REvil went dark about two months before Ransom Cartel debuted, and just a month after 14 of its alleged members were arrested in Russia.
“When the Ransom Cartel first appeared, it was unclear whether it was a rebrand of REvil or an unrelated threat actor that reused or mimicked the REvil ransomware code,” the Unit 42 report said.
Over time, however, the picture became clearer, mainly because of the tooling the two groups have in common.
“While the Ransom Cartel uses double extortion and some of the same tactics, techniques and procedures we often see in ransomware attacks, this type of ransomware uses less common tools – DonPAPI, for example – that we haven’t seen in any other ransomware attacks.”
DonPAPI is an open-source tool for remotely harvesting DPAPI-protected secrets, such as saved Windows and browser credentials, from domain hosts, which is why its presence is a useful fingerprint for this group. The researchers also noted that the Ransom Cartel operators had access to the original REvil ransomware source code, so Unit 42 assesses that they had ties to the REvil group before starting their own operation.
Researchers warn that Ransom Cartel attacks are likely to continue.
To protect their systems from Ransom Cartel attacks, Unit 42 urges companies to deploy anti-ransomware protection and to review the indicators of compromise for this threat, which are published in the report.
The warning comes at a time of a marked increase in ransomware attacks and in their financial impact on companies around the world, as a recently published report from Acronis notes.
Photo by Markus Spiske from Pexels