Security News > 2021 > October > Groove ransomware calls on all extortion gangs to attack US interests

The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week.
Yesterday, Reuters reported that REvil's takedown resulted from an international law enforcement operation that included support from the FBI. Today, the Groove ransomware gang published a Russian blog post calling on all other ransomware operations to target US interests.
The blog post also warns ransomware operations not to target Chinese companies, as the gangs would need to use the country as a safe haven if Russia takes a stronger stance on cybercrime operating inside its country.
A later post indicates that the threat actor is likely starting a new ransomware operation as he began actively pursuing the purchase of network access to US hospitals and government agencies, as shown in the forum post below.
Today's announcement from Groove Ransomware correlates with the Orange's forum posts, indicating that targeting of all USA interests has been planned for some time, with the REvil law enforcement operation being the catalyst for Groove's announcement.
It is unclear if 'Orange' will be performing these attacks on USA organizations under the Groove operation or launching a new ransomware operation.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- All your 8Base are belong to us: Ransomware crew busted in global sting (source)
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)