A new Phobos ransomware variant is attempting to frame the widely known malware-sharing community VX-Underground as the developer of the updated strain, BleepingComputer reports.
The variant appends a ".VXUG" suffix to encrypted files and creates two ransom notes that reference VX-Underground, including its logo and contact details, according to ransomware researcher Pcrisk.
Similar tactics impersonating online cybersecurity and infosec communities have already been used by other threat actors in previous attacks, with REvil ransomware predecessor GandCrab discovered to have used ESET, Emsisoft, NoMoreRansom, and BleepingComputer as the names for its command-and-control servers. Last year, Azov ransomware also sought to frame BleepingComputer, MalwareHunterTeam, Hasherezade, ransomware expert Michael Gillespie, and the late security researcher Vitali Kremez.
Kremez, along with SentinelOne, had also been implicated by the developer of Maze ransomware in 2020, while malicious comments regarding ransomware expert Fabian Wosar had also been used by the Apocalypse ransomware developer in 2016.
One year after its emergence in the threat landscape, Alpha ransomware has been discovered to resemble the Netwalker ransomware-as-a-service operation that was dismantled in January 2021, BleepingComputer reports.
Pennsylvania's Washington County has provided $346,687 worth of cryptocurrency to suspected Russian hackers behind a ransomware attack against its systems last month, according to The Record, a news site by cybersecurity firm Recorded Future.