If you have ever wondered how much these hackers earn, you can get a glimpse now. On February 27, 2022, a Twitter account named @ContiLeaks, along with many other similar accounts, began posting rather juicy details about the underworld's money and employees.
The leaks mainly concern Gold Blackburn and Gold Ulrick; in more than 160,000 messages they reveal communications exchanged among nearly 500 threat actors between January 2020 and March 2022. Source code and tool repositories were also leaked, which is quite something, lifting the lid on previously unknown threat actors.
Among the other leaked data were also dozens of dossiers on many threat actors, with citizenship information, passports, bank account numbers, phone numbers, addresses, names and photos. Cybersecurity specialists cannot determine the leakers' motives so far, but they assume it could be that some threat actors disagree with the pro-Russian statements Gold Ulrick posted on its leak site. The leakers' identity is not known either.
Most of the leaked data concerns two different but highly collaborative threat groups. Their names come from Secureworks® Counter Threat Unit™ (CTU) researchers, who linked the activity referenced in the leaked data to the Gold Blackburn and Gold Ulrick threat groups.
Gold Ulrick, a financially motivated cybercrime group, has been active since mid-2018. The group operated Ryuk ransomware from August 2018 until early 2021 and Conti ransomware from early 2020. With their ransomware they target only organizations.
Gold Blackburn, also a financially motivated cybercrime group, has been active since June 2014. TrickBot malware, Buer Loader, Zloader, Anchor and BazarLoader are all authored by this group.
As mentioned, these are quite different threat groups, but they show no less a level of collaboration. CTU researchers observed operators of Conti and Ryuk ransomware using BazarLoader, TrickBot or another malware payload issued by the Gold Blackburn threat group. The Cobalt Strike Beacon and PowerShell Empire command and control (C2) servers used in the threat groups' attacks were shared with TrickBot, which could be a sign of a single entity maintaining infrastructure for both. This is clearly one of the many signs of close friendship among them.
But other threat groups have also used the malware, such as LockBit, Maze and RansomExx (also known as 777).
As we said, the leaked messages shone a light onto the underworld economy, also revealing some previously unknown resources.
Having examined the leaked material, cybersecurity specialists made several assumptions about what has been leaked and what specialists in their field could take from the information.
The “Stern” persona is mentioned the most in the revealed messages. This account seems to interact with a wide circle of underworld employees, making it the presumed leader. According to the messages, this account makes key organizational decisions, manages crises, communicates with other threat groups and pays out salaries.
The “Stern” persona also oversees ransomware distribution and the BazarLoader and TrickBot operations. Such a wide list of responsibilities marks this account as the possible leader of both Gold Ulrick and Gold Blackburn.
The messages also mention representatives of other threat groups, who were actively communicating with the “Stern” persona and other presumed members of Gold Ulrick and Gold Blackburn. Among them: Gold Swarthmore (IcedID), Gold Mystic (LockBit), Gold Crestwood (Emotet). But researchers warn that, despite this person's connection to many of the groups mentioned, they cannot suggest that this person leads all the groups.
One conclusion researchers could draw from the leaks was that they certainly show a mature, well-organized criminal ecosystem involving many threat groups. Simply put, they don't work alone but help each other; you could even say it is some kind of Evil Corporation that has grown up in the underworld.
One message that especially caught the researchers' interest, a thoroughly practical one, concerns the salary of cybercriminals. Yes, of course, Evil Corporation offers you paid leave, sick leave and many bonuses. From one leaked message we learn that on average individuals earn approximately $1,800 USD per month.
That salary exceeds the average Russian salary of approximately $540 USD per month. As of July 1, 2021, the Bitcoin address mentioned at the bottom of the messages had received 2.31 bitcoins (which amounted to approximately $80,000 USD at that time).
If you are surprised by the fact that a whole Evil Corporation actually exists, then read the following statistics on ransomware prepared by researchers from Purplesec to understand the actual scope this particular kind of cybercrime has reached:
Reading all these statistics, you can imagine there is more than one Evil Corporation, and the sums are climbing sky-high.