Two new extortion gangs named ‘TommyLeaks’ and ‘SchoolBoys’ are targeting companies worldwide. However, there’s a catch: they’re both the same ransomware gang.
Last month, security researcher MalwareHunterTeam tweeted about a new extortion gang known as ‘TommyLeaks.’
This hacking group claims to breach corporate networks, steal data, and demand a ransom not to leak it. Ransom demands seen by BleepingComputer range from $400,000 to $700,000.
In October, MalwareHunterTeam found another new extortion gang named ‘SchoolBoys Ransomware Gang’ that claims to steal data and encrypt victims’ devices as part of their attacks.
BleepingComputer later found a sample of the SchoolBoys ransomware encryptor [VirusTotal] and confirmed it was created using the leaked LockBit 3.0 builder.
The threat actors steal data during their attacks but do not have a known public data leak site at this time.
While there was nothing linking the groups at the time, they both used the same Tor chat system for their negotiation sites.
Even more curious, this same chat system has only been used before by the Karakurt extortion group.
Two sides of the same coin
This week, BleepingComputer has confirmed that both TommyLeaks and the SchoolBoys Ransomware Gang are, in fact, the same extortion group.
In a SchoolBoys negotiation chat shared with BleepingComputer, the threat actors greet their victim as “TommyLeaks” in their attempts to coerce a ransom payment.
While it’s unclear why they’re using two different names as part of their operation, they may be attempting a similar approach to that taken by Conti and Karakurt.
Earlier this year, AdvIntel CEO Vitali Kremez told BleepingComputer that Karakurt was part of the Conti cybercrime syndicate.
When Conti’s ransomware encryptor was blocked in attacks, the hackers extorted the victim using the already stolen data under the Karakurt name rather than the Conti brand.
To take it one step further, as the TommyLeaks/SchoolBoys group uses the same chat system as Karakurt, we may be seeing a rebrand of the Conti offshoot into these newer brands.
While it’s too soon to tell if this is what is happening, the extortion group is one that enterprises must keep an eye on as they’re targeting entities of all sizes.