BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • New RA Group breaks into cyberspace

    A new group of hackers called "RA Group" is attacking pharmaceutical, insurance, financial and manufacturing companies in the US and South Korea with ransomware.

    The group began operations in April 2023, when hackers launched a site on the dark web to publish stolen data from their victims. For example, hackers use the "double extortion" tactic common among other ransomware groups.

    According to the Cisco Talos team, the RA Group uses a ransomware based on the leaked Babuk ransomware source code.

    A feature of the RA Group is that in each attack, the victim will receive an individual ransom note written specifically for the target organization. In addition, the memo file gets a name that matches the name of the attacked company. The ransom note, in addition to contacts, also contains a link to a repository with stolen files as evidence of a hack.

    The ransomware attacks all logical drives on the victim's computer and network resources, and tries to encrypt certain folders, excluding those related to the Windows system, downloads, programs, etc. This is done in order not to render the victim's system inoperable and not to lose the opportunity to receive a ransom.

    The RA Group ransomware uses discontinuous encryption (file content is only partially encrypted) to speed up the process. However, this approach allows partial recovery of encrypted data. When encrypting data, the encryptor uses the "curve25519" and "eSTREAM cipher hc-128" algorithms.

    Encrypted files are given a ".GAGUP" extension, and all shadow copies and Recycle Bin contents are deleted to prevent data recovery.

    The hackers claim to give victims 3 days before posting a sample of the stolen data online. Since this is a new ransomware group with few victims, it is not yet clear how the RA Group's hackers infiltrate systems and spread over the network.

    The RA Group was among the groups that used the Babuk ransomware source code to create their own ransomware even with minimal technical knowledge.

    It was previously reported that since September 2021, several hacker groups have taken advantage of the Babuk ransomware source code leak to create nine different families of malware capable of attacking VMware ESXi systems.

    Security company SentinelOne said the new variants appeared in the second half of 2022 and the first half of 2023, indicating an increase in the number of hackers using the Babuk source code. Leaking source code allows attackers to attack Linux systems even when they don't have enough experience to create their own program.

    Author DeepWeb
    Internet troll created a large-scale botnet "Dark Frost" and directed it to the gaming community
    Attackers hacked into 1200 Emby servers and installed a malicious plugin that steals credentials

    Comments 0

    Add comment