The Groove ransomware gang, which is considered to be linked to the Babuk gang, has publicly called on all other ransomware gangs to band together and target the US government. This appears to be retaliation for the REvil gang’s recent detention.
Groove posted a remark on a Russian blog, which is thought to be the source of the leak.The statement urges all other ransomware gangs to stop competing and band together against the United States.
The statement makes mention of federal agencies’ recent arrests and other efforts against ransomware gangs (supposedly REvil).
The message also warns all gangs not to target Chinese businesses.According to the post, if Russia decides to stop tolerating ransomware activities and take action against them, China is the next possible safe haven for them.
After Babuk Ransomware announced its retirement from the ransomware business in July 2021, a threat actor previously linked with the group started the RAMP hacking forum.*The hacker forum was hosted by the actor known as Orange, who used admin credentials on Baby’s Tor site. He just announced a shift in the forum’s administration.
Furthermore, according to another post by this threat actor, it would shortly launch a new ransomware operation targeting hospitals and government entities in the United States.
Researchers have now looked at this shared interest and the implied relationships between Groove’s post on the Russian site and the aforementioned Orange posts.
Other threat actors may be contemplating assaults against US-based firms, in addition to Groove and Orange’s recent posts. To avert serious harm, now is the moment for businesses to beef up their cyber defences and develop proactive tactics to combat such assaults.