Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Albabat ransomware group has evolved its malware to target Windows, Linux, and macOS devices, as evidenced by new versions 2.0.0 and 2.5. The group is using GitHub to streamline operations, storing configuration files and essential components. The ransomware ignores specific folders, encrypts certain file extensions, and kills various processes. It collects system information and stores it in a PostgreSQL database. The GitHub repository, created in February 2024, shows active development with increased activity during specific hours. A newer version 2.5 is likely in development, introducing new cryptocurrency wallets. To mitigate the threat, organizations should implement regular backups, network segmentation, system updates, and user training.

OPENCTI LABELS:

database, ransomware, cryptocurrency, encryption, github, multi-platform, albabat, configuration, system information


Open in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations