Editor's note: A week after this aggregated item published, the threat actor behind Groove ransomware released a statement in which they highlighted the “hoax” behind the Groove ransomware: That it was never about holding organization’s ransom, but rather was a social engineering experiment to check whether it was possible to manipulate the Western media through a ransomware blog. More details can be found at this blog from Flashpoint.
reports that the Groove ransomware group has urged other ransomware operators to attack the U.S. public sector in a Russian blog post following the shutdown of the REvil ransomware gang last week.
However, ransomware groups have been warned not to attack Chinese
companies, as China would be a safe haven for cybercriminals in the event Russia puts in increased action against cybercrime within its borders.
"In our difficult and troubled time when the U.S. government is trying to fight us, I call on all partner programs to stop competing, unite and start xxcking up the U.S. public sector, show this old man who is the boss here who is the boss and will be on the Internet while our boys were dying on honeypots, the nets from rude alibi squeezed their own," a portion of the translated message from Groove read.
A threat actor dubbed "Orange," who led the RAMP cybercrime forum in July after the disruption of Babuk ransomware, is thought to be one of Groove's representatives. Orange had resigned from RAMP and had a newer post touting purchase of network access to government agencies and hospitals across the U.S., indicating a new ransomware operation, but it remains unclear whether Orange will be performing the attacks under Groove or a new operation.