New Ransomware and Stealer Frameworks Emerge
Key Questions
What new ransomware and stealer frameworks have recently emerged?
Recent developments include the Avalon modular framework with CrownX ransomware, Coinbase Cartel focused on data theft affecting over 60 victims, The Gentlemen RaaS, and Armored Likho's BusySnake stealer targeting government and energy sectors. These tools, along with activity from Qilin and Interlock groups, provide detailed TTPs for detection and hunting.
How did the Kairos group extort $1 million from an Ohio county?
Kairos used data extortion by stealing files and threatening to leak them without encryption, marking a shift toward reputation-based tactics. The small county paid the ransom quietly to avoid exposure of the stolen data.
Which ransomware groups are targeting the healthcare sector and what methods do they use?
Qilin and Interlock groups are actively targeting healthcare organizations through phishing, ScreenConnect abuse, and Fortinet exploits. Their detailed tactics, techniques, and procedures offer actionable insights for defenders.
Avalon modular framework with CrownX ransomware, Coinbase Cartel (data theft without encryption, 60+ victims), The Gentlemen RaaS (leaked chat data), and Armored Likho's BusySnake stealer targeting government/energy. Qilin and Interlock ransomware groups actively targeting healthcare with detailed TTPs (phishing, ScreenConnect abuse, Fortinet exploits). New case: Kairos data extortion group extracted $1M from a small Ohio county by threatening to leak stolen data without encryption, reinforcing the shift toward reputation-based extortion. All provide actionable TTPs for detection and hunting.