Key Group: another ransomware group using leaked builders

Oct. 1, 2024, 8:53 p.m.

Description

Key Group is a financially motivated ransomware group primarily targeting Russian users. They use various leaked ransomware builders including Chaos, Xorist, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. The group's activity has been tracked since April 2022, with their tactics evolving over time. They deliver malware through multi-stage loaders, often using GitHub repositories for distribution. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for spam raids on Telegram channels.

Date

  • Created: Oct. 1, 2024, 7:48 p.m.
  • Published: Oct. 1, 2024, 7:48 p.m.
  • Modified: Oct. 1, 2024, 8:53 p.m.

Attack Patterns

  • Hakuna Matata
  • Judge/NoCry
  • UX-Cryptor
  • RuRansom
  • Slam
  • Annabelle
  • Xorist
  • Chaos - S0220
  • LV
  • Bladabindi
  • Njw0rm
  • njRAT - S0385
  • Key Group

Additional Information

  • Russian Federation