"Ransomware Group Claims 2.5 Terabytes of Stolen Data Less Than a Month After Emerging Online"

Security researchers at Cisco Talos have discovered a recently emerged ransomware group that has already listed four victims, including three in the U.S., on its leak site. The “RA GROUP” is just the latest entity to use the Babuk ransomware source code, which a developer leaked in September 2021 on a Russian-language forum. The researchers noted that despite having emerged online on April 22, RA GROUP has already claimed to have stolen nearly 2.5 terabytes of data across just four victims, three in the U.S. and one in South Korea. Three of the victims were posted on April 27, and the next on April 28. The American targets include a smaller company in the insurance industry and two larger companies in financial services, and an electronics supplier servicing the computer, communication, aerospace, marine, and military industries. The researchers noted that the RA GROUP website has undergone cosmetic changes since it was first published, “confirming they are in the early stages of their operation.” The researchers stated that the group uses a custom ransom note for each victim, informing them that they have three days to pay before a sample is published and seven days before the full set is published. Victim entity names are also hardcoded into the executable files, a characteristic the researchers describe as “unusual” for ransomware groups.

 

CyberScoop reports: "Ransomware Group Claims 2.5 Terabytes of Stolen Data Less Than a Month After Emerging Online"
