Security News > 2024 > June > Chinese Cyberspies Employ Ransomware in Attacks for Diversion
Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.
A joint report from SentinelLabs and Recorded Future analysts presents the case of ChamelGang, a suspected Chinese advanced persistent threat that has been using the CatB ransomware strain in attacks that impact high-profile organizations worldwide.
In the last stage of the attack, ChamelGang deployed CatB ransomware on the network, dropping ransom notes at the beginning of each encrypted file.
A reason for involving ransomware in cyberespionage attacks could be that it provides strategic and operational benefits that blur the lines between APT and cybercriminal activity, which can lead to incorrect attribution or as a means to conceal the data collection nature of the operation.
Rafel RAT targets outdated Android phones in ransomware attacks.
Change Healthcare lists the medical data stolen in ransomware attack.
News URL
Related news
- City of Wichita shuts down IT network after ransomware attack (source)
- Ransomware attacks impact 20% of sensitive data in healthcare orgs (source)
- Ohio Lottery ransomware attack impacts over 538,000 individuals (source)
- Ascension redirects ambulances after suspected ransomware attack (source)
- Singing River Health System: Data of 895,000 stolen in ransomware attack (source)
- Windows Quick Assist abused in Black Basta ransomware attacks (source)
- Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks (source)
- OmniVision discloses data breach after 2023 ransomware attack (source)
- LockBit says they stole data in London Drugs ransomware attack (source)
- Canada's London Drugs confirms ransomware attack after LockBit demands $25M (source)