TommyLeaks, SchoolBoys ransomware gangs found to be the same

BleepingComputer has confirmed that the new TommyLeaks and SchoolBoys data extortion groups are the same ransomware gang. TommyLeaks was first reported last month by security researcher MalwareHunterTeam, who found the group claiming to breach corporate networks, exfiltrate data, and demand ransoms of $400,000 to $700,000 in exchange for not leaking the stolen data. The SchoolBoys Ransomware Gang was uncovered by MalwareHunterTeam earlier this month and was observed both stealing data and encrypting devices. BleepingComputer later discovered that the negotiation sites of TommyLeaks and of SchoolBoys, whose encryptor is built with the LockBit 3.0 builder, use the identical Tor chat system, one previously used by the Karakurt threat group. A further link between the two emerged when SchoolBoys posed as "TommyLeaks" to coerce victims into paying the ransom; the same tactic was used by Conti and Karakurt. TommyLeaks/SchoolBoys has also invoked the Karakurt name in conversations with victims, suggesting the groups may be offshoots of Conti.