New RA Group ransomware targets U.S. orgs in double-extortion attacks
2023-05-15 14:27

A new ransomware group named 'RA Group' is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea.

The new ransomware operation started in April 2023, when the group launched a data leak site on the dark web to publish victims' details and stolen data, engaging in the typical 'double-extortion' tactic used by most ransomware gangs.

In a new report by Cisco Talos, researchers explain that RA Group uses an encryptor based on the leaked source code for the Babuk ransomware, a ransomware operation that shut down in 2021.

A notable characteristic of RA Group is that each attack features a custom ransom note written specifically for the targeted organization, and the executable is also named after the victim.

The ransomware targets all logical drives on the victim's machine, as well as network shares, and attempts to encrypt specific folders, excluding those related to the Windows system, boot, Program Files, and similar.

The threat actors claim to give victims three days before a sample of stolen data is published on extortion sites, but like other ransomware operations, this is likely open to negotiation.


News URL

https://www.bleepingcomputer.com/news/security/new-ra-group-ransomware-targets-us-orgs-in-double-extortion-attacks/