RA ransomware gang attacks four companies in less than a month


Leaked source code from cybercriminal gang Babuk continues to wreak havoc, with a new ransomware gang, RA, using it to launch cyberattacks. RA has built malware based on Babuk’s code and used it to steal 2.5 terabytes of data from four victim companies in the US and South Korea. 

RA ransomware has struck four companies in less than a month. (Photo by ROB ENGELAAR/ANP/AFP via Getty Images)

RA was first spotted in April and has already racked up a list of victims, according to a report released today by security company Cisco Talos.

RA ransomware gang attacks four companies

The Cisco Talos research says: “RA Group launched their data leak site on April 22, 2023, and on April 27, we observed the first batch of victims, three in total, followed by another one on April 28.

“We also observed the actor making cosmetic changes to their leak site after disclosing the victim’s details, confirming they are in the early stages of their operation.” 

The cybercrime group employs the same tactics as other ransomware gangs, using double extortion to press its victims into paying. In a double extortion attack, criminals exfiltrate data from a system before encrypting it, so they can blackmail the victim into paying a ransom as well as charging for the decryption key.

Victims are also posted onto a dark web blog to leverage the threat of data being released.

The gang is a little more ruthless than most, selling the data after three days, according to the ransom note published in the report: “Your data has been encrypted when you read this letter. We have copied all data onto our server, but don’t worry, your data will not be compromised or made public if you do not want,” it says. Typically criminals give their victims weeks or months to pay up.

“We took your data and encrypted your servers,” it continues. “Contact us, pay for decryption. If there is no contact within three days, we will make the sample file public. If there is no contact within seven days, we will make the file public. Do not contact us through other companies, they just earn the difference.”
