The Near and Far Future of Today’s Ransomware Groups
Common Information
Type | Value |
---|---|
UUID | 9018768a-c65c-4e25-8359-11d9765e7a17 |
Fingerprint | 4cd6a881a01e5bea4e0816caed42738c98755556395f46720247abbc7f120056 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 9, 2022, 5:23 p.m. |
Added to db | April 14, 2024, 11:30 a.m. |
Last updated | Aug. 30, 2024, 10:59 p.m. |
Headline | The Near and Far Future of Today’s Ransomware Groups |
Title | The Near and Far Future of Today’s Ransomware Groups |
Detected Hints/Tags/Attributes | 396/4/229 |
Source URLs
URL Provider
Attributes