Groove Ransomware Description
The Groove Ransomware was created by a relatively new group of financially motivated hackers. It emerged after several established ransomware groups ceased their activities following the law enforcement actions taken against the REvil group. Two of the hacker organizations that went dark were Babuk and DarkSide. According to the gathered evidence, it is believed that the Groove Ransomware group consists of former Babuk members.
The Groove Ransomware hackers announced their presence on the scene by making a post on an underground hacker forum, where the group described itself as an 'aggressive financially motivated criminal organization.' According to the released manifesto, the hackers do not intend to limit themselves to ransomware operations, but are looking into various other nefarious money-making schemes.
One of the major actions taken by the Groove Ransomware group was the release of approximately half a million Fortinet SSL VPN credentials. The data leak consisted of 799 directories and 86,941 supposedly compromised VPN connections. The affected devices are spread across 74 different countries, with 2,959 located in the U.S. Any organization running Fortinet SSL VPN appliances during that period should assume the leaked credentials were valid at the time of collection and rotate them, even if the underlying devices have since been patched.
More recently, the Groove Ransomware group made another blog post on a Russian forum, in which it called on all other ransomware outfits to start attacking the U.S. and the country's public sector. At the same time, Groove appealed to the other hackers to avoid launching operations against Chinese interests, as China could one day become their only safe haven. Curiously, this proclamation came just after another law enforcement operation that took down REvil's infrastructure.
It remains to be seen if the Groove Ransomware's post will influence the behavior of any other cybercrime organizations and lead to an increase in the attacks against U.S. companies and agencies.