RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware

2023-04-13 16:40

"The 'Read The Manual' Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang's strict rules," cybersecurity firm Trellix said in a report shared with The Hacker News.

Attack chains mounted by the group have since evolved to deploy a ransomware payload on compromised hosts.

In March 2021, the Russian-speaking group was attributed to an extortion and blackmail campaign that deployed a trifecta of threats, including a financial trojan, legitimate remote access tools, and a ransomware strain called Quoter.

Trellix told The Hacker News that there is no relationship between Quoter and the RTM Locker ransomware executable used in the latest attacks.

RTM Locker malware builds are bound by strict mandates that forbid affiliates from leaking the samples, or else risk facing a ban.

"The affiliates need to be active as well, making it harder for researchers to infiltrate the gang. All in all, the gang's specific efforts in this area are higher than normally observed compared to other ransomware groups."

News URL

https://thehackernews.com/2023/04/rtm-locker-emerging-cybercrime-group.html

#cybercrime #ransomware

News URL

Related news