BTC $70614.7035
ETH $3511.7004
BNB $620.2579
SOL $173.0218
XRP $0.6097
stETH $3507.5030
DOGE $0.1974
TON $7.0340
ADA $0.5814
AVAX $46.2782
wstETH $4079.6154
DOT $8.3856
BCH $610.3232
WETH $3506.2796
WBTC $70620.3107
TRX $0.1214
LINK $17.6767
MATIC $0.8810
UNI $9.1130
LTC $98.3227
ICP $15.5376
CAKE $3.7378
DAI $0.9997
IMX $2.5624
ETC $33.6826
RNDR $9.0476
STX $3.0152
FIL $8.0739
MNT $1.3057
TAO $634.6650
NEAR $6.7707
HBAR $0.0996
ATOM $10.7689
VET $0.0473
OKB $56.7850
WIF $3.4067
FDUSD $1.0024
KAS $0.1425
MKR $3339.9801
PEPE $0.0000
GRT $0.3118
THETA $2.9461
INJ $31.7489
FET $2.5268
XLM $0.1299
XMR $133.8901
USDE $1.0008
BTC $70614.7035
ETH $3511.7004
BNB $620.2579
SOL $173.0218
XRP $0.6097
stETH $3507.5030
DOGE $0.1974
TON $7.0340
ADA $0.5814
AVAX $46.2782
wstETH $4079.6154
DOT $8.3856
BCH $610.3232
WETH $3506.2796
WBTC $70620.3107
TRX $0.1214
LINK $17.6767
MATIC $0.8810
UNI $9.1130
LTC $98.3227
ICP $15.5376
CAKE $3.7378
DAI $0.9997
IMX $2.5624
ETC $33.6826
RNDR $9.0476
STX $3.0152
FIL $8.0739
MNT $1.3057
TAO $634.6650
NEAR $6.7707
HBAR $0.0996
ATOM $10.7689
VET $0.0473
OKB $56.7850
WIF $3.4067
FDUSD $1.0024
KAS $0.1425
MKR $3339.9801
PEPE $0.0000
GRT $0.3118
THETA $2.9461
INJ $31.7489
FET $2.5268
XLM $0.1299
XMR $133.8901
USDE $1.0008
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • New RA Group breaks into cyberspace

    A new group of hackers called "RA Group" is attacking pharmaceutical, insurance, financial and manufacturing companies in the US and South Korea with ransomware.

    The group began operations in April 2023, when hackers launched a site on the dark web to publish stolen data from their victims. For example, hackers use the "double extortion" tactic common among other ransomware groups.

    According to the Cisco Talos team, the RA Group uses a ransomware based on the leaked Babuk ransomware source code.

    A feature of the RA Group is that in each attack, the victim will receive an individual ransom note written specifically for the target organization. In addition, the memo file gets a name that matches the name of the attacked company. The ransom note, in addition to contacts, also contains a link to a repository with stolen files as evidence of a hack.

    The ransomware attacks all logical drives on the victim's computer and network resources, and tries to encrypt certain folders, excluding those related to the Windows system, downloads, programs, etc. This is done in order not to render the victim's system inoperable and not to lose the opportunity to receive a ransom.

    The RA Group ransomware uses discontinuous encryption (file content is only partially encrypted) to speed up the process. However, this approach allows partial recovery of encrypted data. When encrypting data, the encryptor uses the "curve25519" and "eSTREAM cipher hc-128" algorithms.

    Encrypted files are given a ".GAGUP" extension, and all shadow copies and Recycle Bin contents are deleted to prevent data recovery.

    The hackers claim to give victims 3 days before posting a sample of the stolen data online. Since this is a new ransomware group with few victims, it is not yet clear how the RA Group's hackers infiltrate systems and spread over the network.

    The RA Group was among the groups that used the Babuk ransomware source code to create their own ransomware even with minimal technical knowledge.

    It was previously reported that since September 2021, several hacker groups have taken advantage of the Babuk ransomware source code leak to create nine different families of malware capable of attacking VMware ESXi systems.

    Security company SentinelOne said the new variants appeared in the second half of 2022 and the first half of 2023, indicating an increase in the number of hackers using the Babuk source code. Leaking source code allows attackers to attack Linux systems even when they don't have enough experience to create their own program.

    Author DeepWeb
    Internet troll created a large-scale botnet "Dark Frost" and directed it to the gaming community
    Attackers hacked into 1200 Emby servers and installed a malicious plugin that steals credentials

    Comments 0

    Add comment