Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates
July 16, 2025, 7:24 p.m.
Description
A new Ransomware-as-a-Service (RaaS) group called GLOBAL GROUP has emerged, likely a rebranding of the BlackLock RaaS operation. The group targets various sectors across the US and Europe, with a focus on healthcare providers. GLOBAL GROUP utilizes Initial Access Brokers to gain entry to vulnerable edge appliances and employs brute-force tools for Microsoft Outlook and RDWeb portals. Their ransom negotiation panel features AI-driven chatbots, enabling non-English-speaking affiliates to engage victims more effectively. The group offers an 85% revenue share to affiliates and provides a mobile-friendly control panel. GLOBAL GROUP's infrastructure has been traced to a Russia-based VPS provider, and their operations show similarities to previous Mamona ransomware activities.
Date
- Created: July 16, 2025, 4:10 p.m.
- Published: July 16, 2025, 4:10 p.m.
- Modified: July 16, 2025, 7:24 p.m.
Indicators
Additional Information
- Healthcare
- Australia
- United Kingdom of Great Britain and Northern Ireland
- Brazil
- United States of America