After authorities and organizations started fighting back and making international, coordinated efforts to dismantle some of the biggest cybercrime operations in the world, including several of the most notorious ransomware gangs, it now seems the hackers are attempting to rally their forces and fight back.
The Groove ransomware gang recently published a post on its dark web blog, and the message was both clear and unnerving. The Groove crew is calling on all Russian-language hacker outfits and cybercrime gangs to unite in an effort to attack what could be broadly described and translated as "US interests", encompassing all meanings of the word.
The blog post was a passionate call to action, written in Russian. In short, the post calls on all Russian ransomware and cybercrime groups to stop "competing" and to focus their efforts on what Groove hopes will be a coordinated push against the US.
Other interesting points in the blog post include a clear message not to attack any entities and organizations located in China, as the hacker group sees the country as a last safe haven, in case Russian authorities start coming down hard on cybercrime.
China is referred to as a "good neighbor", while several racial slurs and inappropriate words are flung in the direction of both the US population and President Joe Biden, in keeping with the hackers' classy mode of operation.
It is too early to tell whether those attempts to rally Russian-speaking hackers will culminate in a meaningful threat, but the fact that this appeal was made in the first place is still grounds for alarm.
The statement and blog post were likely made in an attempt to retaliate against the takedown of REvil's infrastructure and servers. An organized push involving international authorities, including the US FBI, led to the strike against the threat actor that took REvil off the grid in late October 2021.
Obviously, US enterprises, corporations and public organizations need to be especially vigilant in light of the threat from increased, focused pressure from Russian-speaking threat actors.