Four ransomware groups on the rise
A Palo Alto Networks investigation has identified four emerging ransomware actors that are attracting the attention of law enforcement.
Palo Alto Networks has published a new study that identifies four ransomware groups on the rise. Already 151 companies in the U.S. have been affected by illegal data disclosures. The willingness of companies to pay ransoms has also increased, it said. The peak for payments on ransomware demands in 2020 increased from 15 million to 30 million compared to previous years (2015-2019), it said.
This indicates that encryption Trojans are still a thriving business and the extortion schemes are becoming increasingly brazen. Overall, the Unit 42 Ransomware Threat Report lists four new groups whose threat patterns are on the rise.
AvosLocker: This group also offers technical support on the Darknet to help victims recover a system after a ransomware attack. They market their software as Ransomware-as-a-Service (RaaS) and adorn themselves with trophies from extorted companies in the US, the UK and the United Arab Emirates. According to their own information, ransom sums have already ranged between $50,000 and $70,000.
Hive: Hive is a group that relies on double extortion and, like AvosLocker, has been appearing since June 2021. Hive uses all sorts of extortion tools and has already attacked airlines and various institutions in the United States. Characteristic features include countdown counters or various means of pressure to spread the extorted data on social networks. Hive was already noticed in June 2021.
HelloKitty: HelloKitty is not a new ransomware group. At that time, the attackers mainly targeted Windows systems. In July, however, Palo Alto also observed a Linux variant of HelloKitty, which is designed specifically for cloud environments and data centers. The group mostly communicates with victims via mail or Tor chats. The group's highest ransom demand so far was ten million dollars.
Lockbit 2.0: This group also operates as a RaaS provider on the Darknet and has been observed for three years. However, an increase in sophisticated attacks has been observed. The ransomware provider advertises that it offers the fastest encryption on the market. The group's leak site lists 52 victims from various countries around the world, including Switzerland.
Source: Palo Alto Networks