Security News > 2022 > October > Microsoft links Raspberry Robin worm to Clop ransomware attacks
Microsoft says a threat group tracked as DEV-0950 used Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm.
"Beginning on September 19, 2022, Microsoft identified Raspberry Robin worm infections deploying IcedID and-later at other victims-Bumblebee and TrueBot payloads," Microsoft Security Threat Intelligence analysts said.
"In October 2022, Microsoft researchers observed Raspberry Robin infections followed by Cobalt Strike activity from DEV-0950. This activity, which in some cases included a Truebot infection, eventually deployed the Clop ransomware."
Spotted in September 2021 by Red Canary intelligence analysts, Raspberry Robin spreads to other devices via infected USB devices containing a malicious.
Microsoft said in early July that it detected Raspberry Robin malware infection on the networks of hundreds of organizations from a wide range of industry sectors.
"Microsoft Defender for Endpoint data indicates that nearly 3,000 devices in almost 1,000 organizations have seen at least one Raspberry Robin payload-related alert in the last 30 days," Microsoft added.
News URL
Related news
- What the Latest Ransomware Attacks Teach About Defending Networks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Lessons from a Ransomware Attack against the British Library (source)
- Jackson County in state of emergency after ransomware attack (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Panera Bread week-long IT outage caused by ransomware attack (source)
- The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (source)
- How can the energy sector bolster its resilience to ransomware attacks? (source)
- The Drop in Ransomware Attacks in 2024 and What it Means (source)
- Change Healthcare faces second ransomware dilemma weeks after ALPHV attack (source)