FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020
2021-08-23 22:17

The Federal Bureau of Investigation has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.

"The FBI has learned of a cyber-criminal group who self identifies as the 'OnePercent Group' and who have used Cobalt Strike to perpetuate ransomware attacks against US companies since November 2020," the FBI said.

After maintaining access to their victims' networks for up to one month and exfiltrating files before deploying the ransomware payloads, OnePercent will encrypt files using a random eight-character extension and will add uniquely named ransom notes linking to the gang's.

According to the FBI, OnePercent Group threat actors will also reach out to their victims using spoofed phone numbers, threatening to leak the stolen data unless they're connected with a company negotiator.

"Once the ransomware is successfully deployed, the victim will start to receive phone calls through spoofed phone numbers with ransom demands and are provided a ProtonMail email address for further communication," the FBI added.

While the FBI hasn't provided any information on OnePercent Group's past attacks, two of the command-and-control servers mentioned in the FBI's IOC list also show up in FireEye's report on the UNC2198 threat actor, who used ICEDID to deploy Maze and Egregor ransomware.


News URL

https://www.bleepingcomputer.com/news/security/fbi-onepercent-group-ransomware-targeted-us-orgs-since-nov-2020/