A new ransomware gang, the RA Group, has been discovered ramping up its cyberattacks, leveraging the leaked Babuk source code. While other threat actors have used the same source code to go into the ransomware business, RA Group sets itself apart with its highly customized approach. Since opening shop on April 22, it has gone after organizations in the manufacturing, wealth management, insurance and pharmaceutical industries in the US and South Korea.
## **The Rise of Babuk Strain Ransomware**
The source code for Babuk ransomware was leaked online in September 2021, setting off a trend of ransomware groups using it to develop lockers for VMware ESXi hypervisors. Over the past year, 10 different ransomware families have taken that route, while others have customized the code to exploit known vulnerabilities in software such as Microsoft Exchange, Struts, WordPress, Atlassian Confluence, Oracle WebLogic Server, SolarWinds Orion and Liferay, among others.
By reusing code written by others and leaked online, threat actors save time and potentially incorporate features they would have otherwise been unable to create themselves. This trend, especially after ransomware-as-a-service (RaaS) offerings became popular, has made it clear that one does not need to be a technical expert to play in the cybercrime and extortion game. Using other people’s code, with minor modifications, can get nearly anyone equipped to carry out attacks.
## **RA Group’s Unique Approach to Babuk Strain Ransomware**
Unlike other ransomware gangs, RA Group uses a double-extortion model, threatening to leak exfiltrated data if the victim does not pay the ransom, and gives the victim only three days to pay up. Otherwise, RA Group discloses the victim organization’s name, the list of exfiltrated data, the total size, and the victim’s official URL on its leak site, which is typical of other ransomware groups’ leak sites. However, this group is also selling the victim’s exfiltrated data on a secured Tor site, which sets it apart.
## **Recommendations for Defending Against RA Group and Ransomware Attacks**
Because the basics of defending against ransomware threats remain effective, organizations are encouraged to:
– Ensure their environments are patched and up to date.
– Continuously monitor their networks for any signs of malicious activities.
– Ensure their security tools are updated with the latest indicators of compromise.
– Implement effective backup and recovery procedures so that operations can be restored after a successful attack.
In conclusion, the entry of RA Group into the Babuk strain ransomware business brings to light the need for organizations to remain vigilant and implement strong security measures to defend against ransomware attacks.