Key Group uses leaked builders of ransomware and wipers

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Key Group, also known as keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group has been active since 2022, using various leaked ransomware builders and wipers, including Xorist, Chaos, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. They distribute their malware through phishing emails and GitHub repositories, often using multi-stage loaders. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for conducting spam raids on Telegram channels. Key Group's use of publicly available ransomware builders highlights a growing trend among cybercriminal groups.

OPENCTI LABELS:

phishing, ransomware, telegram, njrat, wiper, persistence, chaos, slam, hakuna matata, annabelle, ruransom, ux-cryptor, multi-stage loaders, leaked builders, russian-speaking, judge/nocry, xorist

