In our recent blogs here on Euclid Security we’ve spoken about the danger of hackers and ransomware groups, and of course a few big names in the hacking community came up. Today we’re going to discuss some of the biggest and most dangerous ransomware groups that have been taking businesses hostage on a global scale.
1. DarkSide
DarkSide was the first ransomware group we spoke about in the Euclid Security blog, thanks to their devastating attack on the Colonial Pipeline, which caused havoc when it disrupted the gas supply all along the East Coast of the United States. Security provider McAfee has observed DarkSide targeting businesses in 25 different countries, including the United States, France and Belgium.
It appears that DarkSide formed in summer 2020, with their first notable attack happening in August 2020. They immediately tried to foster a ‘Robin Hood’ image, claiming to donate some of the ransom money to charity (although no evidence of this exists). Additionally, DarkSide chose not to target healthcare centers, schools, and non-profit organizations. It has been suggested that DarkSide might be an offshoot of another ransomware group that we will cover shortly, REvil, as the ransomware code used by the two groups is suspiciously similar.
2. REvil (also known as Sodinokibi)
REvil had been active since May 2020 and operated as a ransomware-as-a-service (RaaS) organization, meaning they had affiliates who distributed their ransomware for them. Once an attack had taken place, REvil would threaten to release the victim’s proprietary information on their leak site, which they gleefully named ‘Happy Blog’.
One of the most high-profile attacks committed by REvil was the theft of plans for a variety of upcoming products from tech giant Apple. In April of this year REvil stole plans for products said to include a pair of Apple laptops, a new Apple Watch and a new Lenovo ThinkPad. REvil then threatened to release the plans publicly unless they received $50 million. Mysteriously, on July 13th all REvil websites and other infrastructure disappeared from the internet, although it is suspected that they are simply operating under a new name, with people speculating that they are connected to the newer hacking group BlackMatter.
3. HelloKitty
This is another name we’ve seen before on the Euclid Security blog, thanks to their large attack on CD Projekt Red, a major gaming company responsible for the likes of The Witcher series and, more recently, Cyberpunk 2077. HelloKitty stole information directly from CD Projekt, going on to leak parts of that information across the internet when their threats were not taken seriously. CD Projekt later confirmed that HelloKitty had successfully stolen information, including data regarding their customers and employees.
HelloKitty appear to be a relatively recently formed ransomware group, with the oldest data on Malpedia dating from November 2020. However, unlike DarkSide and REvil, HelloKitty seem to be continuing their activities, with no signs of slowing the operation for now. Interestingly, the HelloKitty crew perform all of their hacking within their own team rather than through affiliates, and seem to have a preference for targeting Linux systems.
4. Hive
Hive is another self-contained hacking unit. We’ve added them to the list because, although they are still up and coming, they appear to engage in particularly malicious behaviour even by hacking group standards. Hive have gone out of their way to target healthcare providers and smaller businesses, and even practice ‘double extortion’ (encrypting data and also threatening to leak it), which we spoke about in a previous blog.
It’s unknown when Hive formed, but reports about them have only been seen throughout 2021. In a Unit 42 ransomware report, researchers explained that it is currently unknown how Hive is gaining access to their victims’ systems in the first place: “We don’t yet have information on how Hive ransomware is being delivered, but ransomware operators are known for buying access to certain networks, brute-forcing credentials or spear-phishing for initial access.”
At Euclid Security we can help you protect your firm against ransomware and other types of attack through our technical and consultation services. We are experts in building companies’ cybersecurity defences to help prevent attacks and reduce their impact if they do happen. If you need help with anything cybersecurity-related, including the prevention of ransomware attacks, then get in touch today for a no-obligation discussion.