Cybersecurity Snapshots - Meow Ransomware
By aekwall
In 2022, four ransomware strains were discovered derived from Conti's leaked ransomware strain. One of them was Meow ransomware. The Meow Ransomware group was first identified in August 2022 and persisted until March 2023, when a free decryptor for the Meow ransomware was released. The group then went silent, but has recently reemerged.
The group also operated under names like MeowCorp and MeowLeaks and employed the ChaCha20 algorithm to encrypt data on compromised servers. Victims were instructed to contact the extortionists through email or Telegram to receive instructions on paying the ransom and recovering their files. At their height, the Meow ransomware group had 257 victims on their leak site. Fourteen of the victims are known to have paid the group to regain access to their data.
In late 2023, the Meow ransomware group reemerged but now seems to have different tactics. Initially, Meow used double extortion techniques, but now, because of the existence of a decryptor, the group is now operating solely as an extortion group. As of March 2024, the group had 24 victims on its leak sites. Compared to the old Meow group, victim preferences are also quite different. Their country target list is not as extensive as in the past. The vast majority of their targets (17) are in the US. Meanwhile, Morocco has experienced 2 attacks, while Canada, the UK, Italy, Nigeria, and Singapore each have 1 victim. Security researchers at SocRadar noted that the group is likely selecting targets with sensitive data since they cannot rely on encryption to extort payment. Industries such as Healthcare and Medical Research are frequently targeted in their attacks. According to security researchers at Check Point, Meow recently picked up activity and claimed nine percent of all global ransomware attacks, putting it ahead of nearly all rivals except RansomHub. Organizations must stay updated on ransomware prevention best practices to protect against old and new ransomware variants. Security researchers expect Meow to keep ramping up the number of attacks they perform in the future.
To see previous articles, please visit the Cybersecurity Snapshots Archive.