DeathRansom Campaign Linked to Malware Cornucopia
2020-01-06 17:13

An ongoing DeathRansom malware campaign has been found by researchers to be part of a larger collection of malicious offensives, all carried out by an actor going by the nickname "Scat01."

According to Artem Semenchenko and Evgeny Ananin at FortiGuard Labs, evidence found on Russian underground forums and in their forensic investigations points to a significant connection between ongoing DeathRansom and various infostealing malware campaigns, all likely directed by one Russian-speaking individual living in Italy.

"Therefore, based on the same malware hosting, the same name pattern, and the fact that the Vidar sample tried to download a DeathRansom sample, we can conclude that the Vidar campaign and the DeathRansom campaign are run by the same actor, who uses scat01 as a Bitbucket profile name as well as a name for some malware samples."

To dig deeper, they then looked for other malware samples containing the string "scat01", which revealed a cornucopia of malware types, all apparently connected to this handle.

Ru email address previously seen linked with the malware.


News URL

https://threatpost.com/deathransom-campaign-malware-cornucopia/151567/