Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A new Ransomware-as-a-Service (RaaS) group called GLOBAL GROUP has emerged, likely a rebranding of the BlackLock RaaS operation. The group targets various sectors across the US and Europe, with a focus on healthcare providers. GLOBAL GROUP utilizes Initial Access Brokers to gain entry to vulnerable edge appliances and employs brute-force tools for Microsoft Outlook and RDWeb portals. Their ransom negotiation panel features AI-driven chatbots, enabling non-English-speaking affiliates to engage victims more effectively. The group offers an 85% revenue share to affiliates and provides a mobile-friendly control panel. GLOBAL GROUP's infrastructure has been traced to a Russia-based VPS provider, and their operations show similarities to previous Mamona ransomware activities.
OPENCTI LABELS :
ransomware-as-a-service,cross-platform,initial access brokers,mamona,mobile control panel,ai-driven negotiation,black lock,vpn brute-force
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates