Groove Ransomware Administrators Threaten to Go After US Entities and Companies
Many ransomware gangs tend to share affiliates, resources, and other data in order to enhance each other's attacks. Apparently, some of them do not see each other as competitors and instead tend to co-operate. The latest proof of this is a statement that the Russian-speaking operators of the Groove Ransomware have released. Their blog post mentions the recent shutdown of the REvil Ransomware gang, which appears to have been an operation carried out by the Federal Bureau of Investigation (FBI).
While the news of REvil's demise is great, this might prompt other ransomware gangs to ramp up their operations. This is what the Groove Ransomware's creators appear to suggest. According to their post, they are disgruntled with the US government's attempts to take down their campaigns, and they are planning their revenge. Their message focuses on coercing like-minded cybercriminals into attacking US-based entities, companies and government institutions.
Who are the Criminals Behind the Groove Ransomware?
The first online information about the Groove Ransomware project surfaced at the beginning of September. The first publications about this campaign were posted on a new hacking forum called RAMP. Allegedly, the creator of the forum was previously affiliated with other major ransomware gangs like the BabukLocker Ransomware.
One of the peculiar things about the Groove Ransomware is that its creators appear to focus on more than file-locking malware. According to their posts and advertisements, they are looking to hire penetration testers and rogue company employees. If the creators of this project are serious about their intentions, the Groove Ransomware gang may turn out to be one of the largest financially motivated actors at the moment.
It seems that some of the members of the RAMP forum that the Groove Ransomware creators use are affiliated with other ransomware projects that were popular recently. These include the BlackMatter Ransomware and the GandCrab Ransomware. We have yet to see whether Groove Ransomware's intentions will come to fruition.