You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Dark Web M&A Deals

A prominent hacker group gets acquisitive. And it spells trouble.

Dark Web M&A

Yes, cybercriminals are now in the mergers & acquisitions game.

Flush with cash, the notorious REvil team (aka Sodinokibi) expanded its reach with a recent acquisition at a Dark Web auction.

The REvil gang makes more than $100 million from ransom demands each year. - according to UNKN (yes, that's a real Dark Web handle)

UNKN, the public face of the REvil gang, made the purchase. For those unfamiliar, Dark Web operators work under "handles" or online personas. In this case, UNKN is actually well known to be affiliated with the REvil team.

The asset purchased includes the source code of a "trojan" form of malware. The KPOT trojan disguises itself upon entry in a victim network and then extracts passwords once inside. It has very broad capabilities in credential theft - including "web browsers, instant messengers, email clients, VPNs, RDP services, FTP apps, cryptocurrency wallets, and gaming software."

KPOT is a classic "information stealer" that can extract and steal passwords from various apps on infected computers.

Security experts believe the REvil team purchased the code to add to its existing Ransomware-as-a-service (RaaS) and expand on KPOT's stealing capabilities.

Yes, you should be alarmed that there's a known acronym for this. REvil (and others) operate RaaS platforms on the Dark Web where anyone can hop on and pay the license fee for access. It's then on the hacker to distribute the licensed malware as desired.

This all means that the already-successful REvil Ransomware attacks will pack a meatier punch for infected victims.

If you're wondering how they find these hackers to distribute their malware, look no further than NetWalker Group's recruiting initiative.

This "business" has become wildly profitable for cybercriminals, and they will keep expanding.

The good news is that these hackers can be stopped!

The first step is training your team to avoid the initial Phishing email, the ones that these cybercrime organizations are sending every single day.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

Start with a quick quote - hit us up here! (No sales call necessary!)

Original article here.
[https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/]

Joel Cahill

Cyber security enthusiast. Entrepreneur.