"Groove Ransomware Gang is a Motley Crew of Disgruntled Hackers, Researchers Say"

Another new ransomware gang is making waves with an unconventional structure, a unique pedigree, and an early victim. A coalition of researchers on Thursday explained what makes Groove, a gang that quietly emerged in July with a website, different: it eschews the traditional ransomware-as-a-service hierarchy in favor of an opportunistic pledge to work with anyone as long as there is money to be made. Researchers from McAfee Enterprises, Intel 471, and Coveware traced the group’s origins to a likely split with the Babuk gang. The researchers have already uncovered evidence that Groove has worked with BlackMatter, another ransomware gang that likewise emerged recently. BlackMatter is thought to be an updated version of DarkSide, a Russia-based group behind the attack against Colonial Pipeline in May. This week, Groove leaked 500,000 Fortinet virtual private network passwords. Also on Thursday, its website suggested that it would soon “demonstrate its capabilities” on U.S. President Joe Biden.

 

CyberScoop reports: "Groove Ransomware Gang is a Motley Crew of Disgruntled Hackers, Researchers Say"
