Security News > 2024 > June > Chinese Cyberspies Employ Ransomware in Attacks for Diversion
Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.
A joint report from SentinelLabs and Recorded Future analysts presents the case of ChamelGang, a suspected Chinese advanced persistent threat that has been using the CatB ransomware strain in attacks that impact high-profile organizations worldwide.
In the last stage of the attack, ChamelGang deployed CatB ransomware on the network, dropping ransom notes at the beginning of each encrypted file.
A reason for involving ransomware in cyberespionage attacks could be that it provides strategic and operational benefits that blur the lines between APT and cybercriminal activity, which can lead to incorrect attribution or as a means to conceal the data collection nature of the operation.
Rafel RAT targets outdated Android phones in ransomware attacks.
Change Healthcare lists the medical data stolen in ransomware attack.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)