    RTM Locker attacks from the shadows, avoiding large targets and hiding from law enforcement

    Researchers at security firm Trellix have detailed the tactics of RTM Locker ("Read The Manual" Locker), an emerging ransomware-as-a-service (RaaS) group that operates purely for profit.

    RTM Locker relies on affiliates to deploy the locker and collect ransom from victims, and every affiliate must abide by the group's strict rules. This business structure, in which affiliates must remain active and give notice before leaving, shows a degree of organizational maturity previously seen in groups such as Conti.

    The group's defining trait is its effort to stay in the shadows by deliberately avoiding high-profile victims that would draw attention to its operations. Accordingly, targets in the CIS countries, as well as morgues, hospitals, companies involved with the COVID-19 vaccine, critical infrastructure, law enforcement agencies and other high-profile organizations, are off limits to affiliates.

    Affiliates' builds of RTM Locker come with strict conditions: leaking samples is prohibited, and an affiliate who does so risks being banned from the program. Another clause bans affiliates who remain inactive for 10 days without giving notice.

    The requirement that affiliates stay active makes it harder for insiders and security researchers to infiltrate the gang, since a passive account used only for observation would be cut off.

    The researchers assess that the locker is executed on networks the attacker already controls, so it is not the initial access vector. The initial compromise is likely achieved by other means, such as phishing, malicious spam, or exploitation of vulnerable servers exposed to the Internet.

    The RTM Locker payload is capable of doing the following:

    • elevate privileges;
    • disable antivirus services;
    • disable backup services;
    • delete shadow copies before starting the encryption procedure;
    • empty the trash to prevent recovery;
    • change wallpaper;
    • clear event logs;
    • execute a shell command.
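    Several of the behaviours in that list (shadow copy deletion, event log clearing, stopping backup and antivirus services) are visible in ordinary process-creation telemetry, and they tend to occur in a tight burst just before encryption starts. The following is an added detection sketch, not Trellix's tooling and not RTM Locker's own code: it classifies constructed Sysmon-style process-creation events against those behaviours and flags a host when two or more of them appear within a short window. The specific command lines it matches (vssadmin, wmic, wevtutil, sc, net) are an assumption about how such behaviours typically show up on Windows, not commands the article attributes to RTM Locker; the host names, users and timestamps are constructed sample data.

```python
"""Burst detection for pre-encryption ransomware behaviours.

Added example. The command-line patterns below are an ASSUMPTION about how
shadow-copy deletion, event-log clearing and service disabling usually look
in process-creation logs; they are not RTM Locker's documented commands.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# (tactic name, regex over the lower-cased command line).
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete")),
    ("event_log_clearing",
     re.compile(r"wevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|clear-eventlog")),
    ("backup_service_disable",
     re.compile(r"(?:sc(?:\.exe)?\s+(?:stop|config)|net(?:\.exe)?\s+stop)\s+"
                r"(?:vss|sdrsvc|wbengine|swprv)\b")),
    ("av_service_disable",
     re.compile(r"(?:sc(?:\.exe)?\s+(?:stop|config)|net(?:\.exe)?\s+stop)\s+"
                r"(?:windefend|mssecflt|sense)\b")),
]

# Constructed sample events (Sysmon event 1 reduced to the fields we need).
SAMPLE_EVENTS = [
    # FS01: four distinct tactics within one minute -> should be flagged.
    {"ts": "2023-04-20T02:14:05", "host": "FS01", "user": "CORP\\svc_backup",
     "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"ts": "2023-04-20T02:14:09", "host": "FS01", "user": "CORP\\svc_backup",
     "cmd": "net stop SDRSVC"},
    {"ts": "2023-04-20T02:14:11", "host": "FS01", "user": "CORP\\svc_backup",
     "cmd": "sc config WinDefend start= disabled"},
    {"ts": "2023-04-20T02:14:30", "host": "FS01", "user": "CORP\\svc_backup",
     "cmd": "wevtutil.exe cl Security"},
    # WS22: a single event-log clear by an admin -> one tactic, not flagged.
    {"ts": "2023-04-20T11:30:00", "host": "WS22", "user": "CORP\\admin",
     "cmd": "wevtutil cl Application"},
    # WS17: listing shadows is benign and matches nothing.
    {"ts": "2023-04-20T09:00:00", "host": "WS17", "user": "CORP\\jdoe",
     "cmd": "vssadmin list shadows"},
    # WS09: two tactics but two hours apart -> outside the window, not flagged.
    {"ts": "2023-04-20T01:00:00", "host": "WS09", "user": "CORP\\svc_backup",
     "cmd": "net stop wbengine"},
    {"ts": "2023-04-20T03:00:00", "host": "WS09", "user": "CORP\\svc_backup",
     "cmd": "vssadmin delete shadows /all"},
]


def classify(cmd):
    """Return the set of tactic names whose pattern matches the command line."""
    lowered = cmd.lower()
    return {name for name, rx in RULES if rx.search(lowered)}


def correlate(events, window=timedelta(minutes=10), min_tactics=2):
    """Flag hosts where >= min_tactics distinct tactics occur within `window`.

    Returns {host: {"first_seen", "tactics", "commands"}} using, per host, the
    window that accumulated the largest number of distinct tactics.
    """
    by_host = defaultdict(list)
    for e in events:
        tactics = classify(e["cmd"])
        if tactics:
            by_host[e["host"]].append((datetime.fromisoformat(e["ts"]), e, tactics))

    findings = {}
    for host, hits in by_host.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, _, _) in enumerate(hits):
            seen, cmds = set(), []
            for t, e, tactics in hits[i:]:
                if t - t0 > window:      # sliding window anchored at hit i
                    break
                seen |= tactics
                cmds.append(e["cmd"])
            if len(seen) >= min_tactics:
                prev = findings.get(host)
                if prev is None or len(seen) > len(prev["tactics"]):
                    findings[host] = {"first_seen": t0.isoformat(),
                                      "tactics": sorted(seen),
                                      "commands": cmds}
    return findings


if __name__ == "__main__":
    for host, f in correlate(SAMPLE_EVENTS).items():
        print(host, f["first_seen"], ", ".join(f["tactics"]))
        for c in f["commands"]:
            print("   ", c)
```

    The window-based correlation is what keeps this from paging on routine administration: a lone `wevtutil cl` or a scheduled `net stop wbengine` is noise, while four different pre-encryption steps from one host inside a minute is close to a signature. The caveat is the same one the article makes about the group's patience: an operator who spaces those steps out over hours will slip past a ten-minute window, so the individual single-tactic hits are still worth keeping as lower-severity signals.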

    The findings suggest that criminal groups will keep adopting new tactics to stay off the radar of both researchers and law enforcement.

    Author DeepWeb