The bold move signals a looming clash between Russian ransomware groups and the U.S.
UPDATE: Subsequent reporting and disclosures show “Groove” was a hoax intended to lure media outlets into reporting on false potential threats against U.S. government interests. Threatpost regrets falling for a troll. Lesson learned and apologies to our readers.
Following the recent international law enforcement effort that dismantled the infrastructure of the REvil ransomware group, fellow cybercrime group Groove called for revenge — encouraging the wider cyber extortionist community to band together to target U.S. interests.
At a time when the U.S. is leading the international law enforcement effort to make splashy busts and shows of strength against cybercriminals, this seems like a bold bet by Groove. But they have a plan.
BleepingComputer published a translation of the Russian blog post from Groove, filled with chest-thumping threats against the “US public sector, show this old man who is the boss here who is the boss and who will be on the Net.”
The language gets vaguely military in tone from there.
“While our boys were dying on honeypots, the nets from rude aibi squeezed their own… but he was rewarded with higher and now he will go to jail for treason, so let’s help our state fight against such ghouls as cybersecurity firms that are sold to amers, like US government agencies,” Groove’s post read.
The threat letter goes on to instruct against attacks on Chinese interests in case the sanction-strapped Russian government should decide to hand them over.
“I urge not to attack Chinese companies, because where do we pinch if our homeland all of a sudden turns away from us, only to our good neighbors – the Chinese!”
The salvo from Groove seems to correlate with threats from last July from threat group Orange against U.S. government agencies and hospitals, BleepingComputer added.
Set Up for a Showdown
Groove and their fellow threat actors seem to be itching for a fight with the U.S. government, and the current Biden Administration seems prepared to oblige. There’s a rolling clash looming, according to Galina Antova, Claroty’s co-founder.
“This back and forth of threats and actions is just the beginning,” she told Threatpost. “As ransomware groups, such as REvil, hit important critical infrastructure companies, of course the U.S. government and other governments will retaliate. Unfortunately, by starting to target big infrastructure companies, the ransomware groups have crossed a boundary that requires more than just ‘defending forward’ and deterrence strategies.”
The move by Groove, coming fresh off the U.S. display of its reach into these ransomware groups’ operations with REvil’s takedown, shows they’re prepared to retaliate rather than capitulate.
“It shows an emboldened threat actor,” Antova said in reaction to Groove’s threat letter. “Whether they make those types of communications public or not, there is a certain level of cooperation between ransomware groups in Russia (members) and fluidity around where the criminal organization stops and the government begins.”
Antova added that U.S. government interests are undoubtedly keeping a close eye on these groups.
“Given the level of attention that CISA, FBI and NSA are publicly demonstrating towards the Russian ransomware groups, we can be certain they are closely monitoring groups such as Groove, whether those groups make public statements like this one or not,” she said.
As this continues to play out, U.S. organizations need to be on high alert for these types of attacks and stop them before they start. There’s a long list of attacks that have already inflicted damage on American infrastructure, including those on Colonial Pipeline and JBS Foods.
“While the intelligence community is doing great work to take down these groups and retrieve ransom payments, organizations in the U.S. and elsewhere still must do as much as they can to stop ransomware before it gets to the point of having to halt essential operations,” Antova warned. “It was only a matter of time until ransomware actors went after critical networks, as those are crucial to operations and, therefore, valuable.”