
Newly Arisen Ransomware Operators Swiftly Attack Four Crucial Infrastructure Suppliers

A financially driven hacker group launched cyberattacks on businesses in industries such as manufacturing, finance, insurance, and pharmaceuticals, all within the space of a week after making their debut.


A new ransomware threat, known as the RA Organization, has emerged on the cybersecurity landscape. This organization, which first appeared on April 22, is causing concern with its use of the highly customized Babuk ransomware source code.

According to Cisco Talos researchers, the Babuk ransomware source code was used in a global spree of ransomware attacks earlier this year, particularly against organizations using VMware ESXi servers. The RA Organization is the latest to use this code, and it is making headlines with its aggressive tactics.

Within a week of its emergence, the RA Organization compromised four organizations, three based in the United States and one in South Korea. The first three victims had their data encrypted and stolen, a common tactic used by ransomware groups.

The RA Organization employs a form of double extortion, a tactic designed to increase pressure on organizations to pay the ransom. This involves not only encrypting the data but also stealing it and threatening to leak it if the ransom isn't paid within a specified timeframe. The organization has been issuing ransom notes, warning of a leak of sample files within three days and a full release of stolen data within a week if the ransom isn't paid.

RA Organization's methods are not limited to these threats. They also list compromised organizations on their leak site, a practice that adds to the pressure on the affected companies.

The RA Organization is targeting organizations in the manufacturing, finance, insurance, and pharmaceuticals sectors.

It's important to note that the RA Organization is a new and highly active ransomware threat actor. In fact, a customized strain of Babuk ransomware called Rorschach, which was described as the 'fastest ever ransomware' by researchers at Check Point, was first detected last month. This strain is capable of encrypting data more quickly than other known strains, making it even more dangerous.

As always, it's crucial for organizations to prioritize cybersecurity measures to protect themselves from such threats. Regular backups, strong passwords, and employee training are essential steps in protecting against ransomware attacks. Stay vigilant, and stay safe.
