Cybersecurity researchers have detailed the techniques of a “rising” cybercriminal group known as “Read The Manual” (RTM) Locker, which operates as a private ransomware-as-a-service (RaaS) provider and conducts opportunistic attacks for illicit profit.
“The ‘Read The Manual’ Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang’s strict rules,” cybersecurity firm Trellix said in a report shared with The Hacker News.
“The business-like set up of the group, where affiliates are required to remain active or notify the gang of their leave, shows the organizational maturity of the group, as has also been observed in other groups, such as Conti.”
Originally identified by ESET in February 2017, RTM began in 2015 as banking malware targeting Russian businesses through drive-by downloads, spam, and phishing emails. The group’s attack chains have since expanded to include the deployment of a ransomware payload on compromised hosts.
The Russian-speaking organization was linked to an extortion and blackmail campaign in March 2021 that used a trio of threats: legitimate remote access tools, a banking trojan, and a ransomware strain known as Quoter. According to Trellix, there is no connection between Quoter and the RTM Locker ransomware executable utilized in the r
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents