Underground Ransomware Being Distributed Worldwide
Aug. 27, 2025, 7:43 p.m.
Description
The Underground ransomware gang is conducting global attacks against companies across various countries and industries. First identified in July 2023, the group resurfaced in May 2024 with a new Dedicated Leak Site. Their targets include multinational corporations from diverse sectors, with annual revenues ranging from $20 million to $650 million. The ransomware combines random number generation (RNG) with AES and RSA encryption, and each file is encrypted with a different AES key. The malware is designed so that the traces it leaves in the local environment are insufficient for decryption. It categorizes files by size and uses a striping method for larger files. Before encryption, the ransomware also deletes shadow copies, restricts remote desktop connections, and stops services that would interfere with encryption.
Date
- Created: Aug. 27, 2025, 4:22 p.m.
- Published: Aug. 27, 2025, 4:22 p.m.
- Modified: Aug. 27, 2025, 7:43 p.m.
Additional Information
- Construction
- Technology
- Manufacturing
- Slovakia
- Singapore
- Australia
- Taiwan
- United Arab Emirates
- Spain
- Canada
- France
- Germany
- United States of America