Key Group: another ransomware group using leaked builders
Essential information
- Published: 01/10/2024 19:48
- Modified: 01/10/2024 20:53
- Tags: 2024-10-01, annabelle, chaos, financially-motivated, github, hakuna matata, judge/nocry, leaked builders, multi-stage loaders, njrat, persistence, ransomware, ruransom, russian-speaking, slam, telegram, ux-cryptor, wiper, xorist
- Related entities: 1 intrusion sets (apt), 18 techniques (mitre), 12 malware, 1 others
Description
Key Group is a financially motivated ransomware group primarily targeting Russian users. They use various leaked ransomware builders including Chaos, Xorist, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. The group's activity has been tracked since April 2022, with their tactics evolving over time. They deliver malware through multi-stage loaders, often using GitHub repositories for distribution. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for spam raids on Telegram channels.