Dark Web Spotlight: Groove Ransomware Gang

There is no honor among thieves. Nor does there appear to be loyalty.

In the wake of the ransomware gang Babuk being hit with ransomware during an apparent disagreement with one of their affiliated hackers, a splinter group has emerged: the Groove ransomware gang.

Groove is shaking up the Ransomware-as-a-Service (RaaS) business model by welcoming all affiliates and targets so long as there is money to be made. Groove flexed its hacking muscle by leaking 500,000 Fortinet virtual private network passwords. On their website, they suggested they would soon “demonstrate their capabilities” on U.S. President Joe Biden.

The RaaS industry has been shaken recently by increased scrutiny from national security groups and by internal fights. The Conti ransomware gang had their playbook leaked by an angry affiliate. DarkSide went into hiding after the response to the Colonial Pipeline attack. Some dark web forums have stopped allowing advertisements for ransomware services. As a result, more are flocking to Groove.

50% of ransomware attacks start with an exposed or vulnerable asset such as Remote Desktop Protocol (RDP). CybelAngel's Asset Discovery & Monitoring solution enables customers to secure themselves by locating vulnerable digital assets such as RDP, virtual private networks, operational technology (OT), and IoT. These assets are continuously monitored for vulnerabilities that expose the organization to potentially devastating cyber attacks like ransomware.