CosmicBeetle is a cybercriminal group exploiting vulnerabilities in software commonly used by small and medium-sized businesses (SMBs) across Turkey, Spain, India, and South Africa. Their main tool, a custom ransomware called ScRansom, is still under development, leading to various issues in the encryption process. This sometimes leaves victims unable to recover their data, making the ransomware not only dangerous but also unpredictable.
Based on analysis by Slovakian cybersecurity firm ESET, CosmicBeetle’s skills as malware developers are relatively immature. This inexperience has led to chaotic encryption schemes, with one victim’s machines being encrypted multiple times. Such issues complicate the decryption process, making it unreliable for victims to restore their data, even if they comply with ransom demands. Unlike well-established ransomware groups that focus on making the decryption process smoother to encourage payment, CosmicBeetle’s flawed approach undermines its effectiveness, leaving victims in a state of uncertainty.
Interestingly, the group has attempted to boost its reputation by implying ties to the infamous LockBit group, a well-known and more sophisticated ransomware operation. However, these claims seem to be a tactic to appear more credible to their victims. CosmicBeetle has also joined the RansomHub affiliate program, which allows them to distribute third-party ransomware, likely as an attempt to strengthen their attack strategies. The group primarily targets outdated and unpatched so
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: