The “Repellent Scorpius” Ransomware-as-a-Service (RaaS) group has emerged, using a powerful tool called Cicada3301 ransomware. This ransomware, written in the Rust programming language and named after a challenging cyber puzzle known as the “Cicada puzzle,” is not only powerful but also mysterious.
Ransomware-as-a-Service (RaaS) allows cybercriminals to lease their malware to affiliates, who then conduct attacks in exchange for a share of the ransom profits. Repellent Scorpius operates on this model and is also actively recruiting initial access brokers (IABs) and network intruders through Russian-language cybercrime forums to expand its operations.
What makes Repellent Scorpius particularly dangerous is its “double-tap” attack strategy. Let’s take an example to understand this. Imagine a thief steals your smartphone and demands money to return it. But instead of just keeping the phone, the thief also makes copies of all the photos and videos on it and threatens to share or sell them if the ransom is not paid.
In the case of Repellent Scorpius, they first lock up or encrypt a victim’s data so it cannot be used without a unique key. Then, they steal and threaten to publish or sell that data if the ransom is not paid. This double threat, blocking access and exposing sensitive information, makes their attacks more severe and dangerous.
Interestingly, while the Cicada3301 ransomware is relatively new, Unit 42 researchers have found that Repellent Scorpius’s activities predate its emergence, with hints that the group might be linked to the malicious BlackCat ransomware family. The group is estimated to have begun its operations in May 2024. However, the first activity on the data leak site was noticed in June. There was a brief lull in activity on the leak site around June 19th, but the ransomware group is now back. There is also evidence that the group holds data from older breaches, suggesting either that a different ransomware was used before or that they obtained data from other ransomware groups.
Cybersecurity experts warn that attacks from this group might increase soon, so organizations must be extra cautious. The rise of Repellent Scorpius shows how ransomware groups are becoming more complex and connected. As this group recruits more members, we should expect a surge in cyberattacks and more compromised systems and data breaches.