It is not new for ransomware operators to join hands with other malware groups and evolve their strategies for better attacks. For example, Ryuk and Conti collaborated with TrickBot. These collaborations inspire newer malware groups to take up the same strategies. One such collaboration, between Cuba ransomware and Hancitor, was reported by Group-IB, a cyber security firm.
Ransomware joining a malware group
Researchers have attributed this ransomware campaign to a threat group named Balbesi.
- The attackers used decoy DocuSign invoices in malicious spam campaigns to distribute the Hancitor malware.
- The threat actors dropped Cobalt Strike beacons on the infected computer to gather network credentials and domain information.
- These campaigns have affected organizations in various sectors, including pharmaceutical, educational, industrial, etc., mainly in Europe and the US.
- Profero, a cybersecurity firm, revealed that the group is from Russia.
- After this ransomware's attack on the payment processor Automatic Funds Transfer Service (AFTS), numerous U.S. cities and agencies disclosed data breaches.
Security experts need to keep a strict eye on groups of this kind to control the threats they cause.