Key Group uses leaked builders of ransomware and wipers
Essential information
- Published
- 02/10/2024 08:51
- Modified
- 02/10/2024 10:52
- Tags
- 2024-10-02 annabelle chaos hakuna matata judge/nocry leaked builders multi-stage loaders njrat persistence phishing ransomware ruransom russian-speaking slam telegram ux-cryptor wiper xorist
- Related entities
- 24 observables, 1 intrusion sets (apt), 17 techniques (mitre), 12 malware, 1 others
Description
Key Group, also known as keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group has been active since 2022, using various leaked ransomware builders and wipers, including Xorist, Chaos, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. They distribute their malware through phishing emails and GitHub repositories, often using multi-stage loaders. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for conducting spam raids on Telegram channels. Key Group's use of publicly available ransomware builders highlights a growing trend among cybercriminal groups.