We had previously identified BeeVoip among the victims of the criminal group, but the information that has since emerged indicates that the victim is instead Anic S.p.A., a former customer of the company.
We thank BeeVoip for the report, which allows us to improve the accuracy of our information service.
We invite anyone who needs to provide us with further information or request corrections to contact us via email or on our social channels.
Following further information provided to us directly by the Italian company BeeVoip, it is necessary to correct a detail from our previous post regarding the...
Today's HOT includes 7 ransomware victims by the notorious Akira, NoEscape, ALPHV/BlackCat, ThreeAM, 8Base and Cactus gangs. The average Cyber Risk Factor is 3.7. Read below the...
Today's HOT includes 13 ransomware victims by the notorious Dunghill Leak, ALPHV/BlackCat, NoEscape, Medusa, Akira, Qilin, 8Base and Cactus gangs. The average Cyber Risk Factor is 4.1....
DARKRACE: ANALYSIS OF THE LATEST RANSOMWARE GROUP TO APPEAR
DarkRace is a new ransomware group, originally uncovered by the researcher S!Ri, which we recently found during our Dark Web Monitoring activities.
Here’s what we’ve discovered so far.
The ransomware is easily recognizable
DarkRace malware encrypts the infected files and appends its extension “.1352FF327” to filenames.
The ransom note, contained in a text file named “Readme.1352FF327.txt”, informs victims that their data has been stolen and encrypted, and threatens to publish it if the ransom is not paid.
The note also provides a link to access the Tor site and ways to contact the criminal group via qTox chat or email.
DarkRace ransom note
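A triage check built on the two indicators above, as an added example that is not part of the original article: it walks a file tree and reports directories where a ransom note named “Readme.<EXT>.txt” sits next to files carrying the same “.<EXT>” suffix. Matching extension values other than “1352FF327” is an assumption about possible variants, not something the article states; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

KNOWN_EXT = "1352FF327"  # extension reported in the article
# Note name "Readme.<EXT>.txt"; allowing other EXT values is an assumption.
NOTE_RE = re.compile(r"^Readme\.([0-9A-Za-z]{6,12})\.txt$", re.IGNORECASE)


def scan_tree(root):
    """Map each affected directory to its note, extension and file count."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = {m.group(1).upper(): f for f in files if (m := NOTE_RE.match(f))}
        # Count files by final extension (notes end in .txt, so they drop out).
        exts = Counter(os.path.splitext(f)[1].lstrip(".").upper() for f in files)
        for ext, note in notes.items():
            # A note alone is weak evidence: require siblings carrying the tag.
            if exts[ext]:
                findings[dirpath] = {"note": note, "ext": ext,
                                     "encrypted": exts[ext],
                                     "known": ext == KNOWN_EXT}
    return findings


def build_sample_tree(root):
    """Constructed sample data: one affected, one clean, one note-only dir."""
    layout = {
        "finance": ["budget.xlsx.1352FF327", "q2.docx.1352FF327",
                    "Readme.1352FF327.txt"],
        "public": ["Readme.txt", "notes.txt"],
        "docs": ["Readme.ABCDEF123.txt", "manual.pdf"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, hit in scan_tree(build_sample_tree(tmp)).items():
            print(path, hit)
```

The per-directory counts give responders a first estimate of how far encryption reached on a share before restoring from backup.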
The victims belong to different categories
So far we have discovered 9 DarkRace victims: one in May 2023 and (at the moment) 8 in June.
The victims fall into 7 categories:
ICT
Professional / Scientific / Technical
Transportation / Storage
Wholesale / Retail
Financial / Insurance
Manufacturing
Organizations
DarkRace victims
ICT and Professional / Scientific / Technical (both 22% of total attacks) are the most targeted categories.
Most of the victims are in Europe
78% of DarkRace victims are in Europe, while 22% are in America.
DarkRace affected continents
Italy is the country most targeted by the group (37% of cyber attacks), followed by the US (25%).
DarkRace affected countries
CO.NA.TE.CO. (Consorzio Napoletano Terminal Containers), Pessi and Pluriservice are the latest Italian victims of DarkRace.
DarkRace CONATECO Italian victim
DarkRace Pessi Italian victim
DarkRace Plusservice Italian victim
Other targeted countries are Switzerland, Poland, Germany and the Czech Republic.
Ultimately, DarkRace is a recently appeared group that seems to be accelerating its operations.
Although the cybercriminal group assures victims that they will recover their data upon payment of the ransom, it is good to remember that there are no guarantees and that paying the criminals is never recommended.
On the contrary, we suggest keeping computer systems safe by implementing all possible defensive strategies.
NOKOYAWA: ANALYSIS OF THE RE-EMERGED RANSOMWARE GROUP
The Nokoyawa ransomware group has re-emerged on the Dark Web with a new list of victims and some peculiar behavior.
Nokoyawa DLS
Here’s what we’ve discovered so far.
It’s not a new ransomware group
The Nokoyawa ransomware group is not new to the cybercrime scene: it gained attention following a March 2022 report by Trend Micro, in which the cybersecurity firm originally linked its operation to the Hive ransomware family.
At the time, Nokoyawa showed similarities to Hive in its attack patterns and in the tools it used.
There are connections with another group
This time the group is showing some interesting connections with Snatch, another cybercrime group.
Indeed, among the 26 victims named on Nokoyawa’s DLS, it seems that 6 were also targeted by Snatch and appear among its victims:
Gaston College
MSX International
City of Modesto
Canadian Nurses Association
Chattanooga State Community College
Liveaction
According to Cyble's The Cyber Express, this may not be a coincidence but the sign of a collaboration agreement.
In any case, it is certainly a reminder of how criminal organizations are increasingly collaborating with each other in order to maximize the results of their operations.
They were probably relying on a 0-day
Analysis of the Nokoyawa malware strain shows that the ransomware targets 64-bit Windows-based systems in double extortion attacks.
According to Kaspersky, the group may have used what was at the time a zero-day vulnerability in Microsoft Windows to deploy the ransomware. The vulnerability, identified as CVE-2023-28252, was subsequently and promptly patched by Microsoft.
The victims belong to several categories
Analysing Nokoyawa's victims, we discovered that they belong to 12 main categories:
Education
Organizations
Professional / Scientific / Technical
ICT
Transportation / Storage
Gov / Mil / LE
Construction
Healthcare
Manufacturing
Wholesale / Retail
Energy / Utilities
Financial / Insurance
Nokoyawa victims
Education (19% of total attacks), Organizations, Professional / Scientific / Technical and ICT (11% each) are the most targeted categories.
Most of the victims are in America
Over two-thirds of the victims (61%) are in America, while 23% of the victims are in Europe.
Nokoyawa affected continents
Other continents involved in Nokoyawa’s attacks are Oceania (8% of attacks), Africa and Asia (4% each).
The US is the country most targeted by the group (54% of total attacks).
Nokoyawa affected countries
Other affected countries are:
UK
Australia
France
Philippines
Romania
Morocco
Canada
Brazil
Germany
They’re speeding up
We detected 26 victims of Nokoyawa in 2023, 5.2 per month on average.
Nokoyawa attacks in 2023
The attacks, which started quietly in the first months of the year, grew decisively in May, by which point the group already had 11 attacks to its name.
Nokoyawa last victim in May 2023
Ultimately, Nokoyawa appears to be a particularly dangerous ransomware group.
On the one hand, the group has clearly demonstrated that it can count on several criminal associations that appear to have been beneficial.
On the other hand, Nokoyawa’s double extortion operations seem to be accelerating.
In this case, our recommendation is to keep information systems updated and secure, especially those based on Windows.