Daring newcomers have appeared in the cybercrime arena: the TommyLeaks and SchoolBoys groups, which attack companies around the world. But there is one catch: they are the same ransomware gang.
TommyLeaks came to light through the information security specialists at MalwareHunterTeam. The group hacks corporate networks, steals data and demands a ransom for it. The ransom amount ranges from $400,000 to $700,000.
SchoolBoys, which engages in data theft and encryption of victims' data, was also discovered by experts from MalwareHunterTeam.
Later, the researchers found a sample of the SchoolBoys ransomware [VirusTotal] and determined that it was created using the LockBit 3.0 builder leaked on the dark web.
Interestingly, when the investigation into the connection between SchoolBoys and TommyLeaks began, hackers from both groups were using the same Tor chat system to create their chat sites.
The same system was used by the infamous Karakurt group.
The attackers were caught out during negotiations with victims: members of the SchoolBoys group simply introduced themselves as TommyLeaks.
And while it's unclear why the attackers use two different group names in their operations, experts suggest they are trying to apply an approach that Conti and Karakurt have previously used. We remind you that in April of this year it was revealed that Karakurt was part of the Conti ransomware gang.