Cybersecurity Snapshots - The dAn0n and Arcus Media Ransomware Groups

By aekwall 

According to a new study by NCC Group, two new ransomware gangs made the list of top 10 ransomware gangs with the most successful cyberattacks in May.  This includes dAn0n and Arcus Media.  The dAn0n Ransomware Group was initially spotted in late April. According to security researchers at the NCC Group, in May they were ranked 8th among ransomware groups in the number of successful ransomware attacks, with 13 attacks. According to security researchers at Cyberint, most victims were in the United States, with business services being the primarily targeted sector.  The researchers noted that the dAn0n's data leak site has a lack of emphasis on design or a visible logo, which might suggest that the group prioritizes attack methodologies over branding, and the group might have few people behind it. Some of the companies breached by dAn0n in May include RSH LegalO'Connell Mahon ArchitectsEKI Environment & Water, Inc.Information Integration ExpertsCollege Park IndustriesNortheast Orthopedics and Sports MedicineGlenwood ManagementAllen Blasting and Coating, Inc.Semilab Semiconductor Physics Laboratory Co. LTD., and The Black Law Firm. According to security researchers the group prefers the double extortion method, a cyberattack that combines ransomware with data theft and exfiltration. 

Arcus Media Ransomware Group started in May 2024. According to security researchers at the NCC Group, Arcus Media ranked 10th among ransomware groups in the number of successful ransomware attacks in May with 11. According to security researchers at Halcyon, Arcus Media uses phishing emails with malicious attachments to gain initial access. They deploy custom ransomware binaries and obfuscated scripts to execute the payload, create scheduled tasks for persistence, and use tools like Mimikatz for privilege escalation. Their methods include both regular extortion and double extortion. Arcus Media operates as a Ransomware-as-a-Service (RaaS), allowing other threat actors to use their malware. The researchers noted that they have a unique affiliate program that requires new affiliates to be referred by existing ones. The group has targeted multiple sectors, including government, finance, healthcare, and education, with notable attacks on US telecom and London hospitals. 

Even though dAn0n and Arcus Media are new to the ransomware world, organizations must stay updated on best cybersecurity practices to protect against old and new ransomware variants.  Security researchers expect dAn0n and Arcus Media to ramp up the number of attacks they perform in the future.

To see previous articles, please visit the Cybersecurity Snapshots Archive

Submitted by Gregory Rigby on