
Ransomware Roundup - Underground

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

The Underground ransomware, first observed in July 2023, targets Windows machines by encrypting files and demanding a ransom. Attributed to the Russia-based RomCom group, it exploits CVE-2023-36884 and other common infection vectors. The ransomware deletes shadow copies, modifies Remote Desktop settings, and stops MS SQL Server. It drops a ransom note and encrypts files without changing their extensions. The group's data leak site lists 16 victims across various industries and locations. FortiGuard Labs provides protection against this threat through antivirus detection and other security solutions.

OPENCTI LABELS:

windows, encryption, storm-0978, underground, romcom, cve-2023-36884, data leak


Open in the NetmanageIT OpenCTI public instance with the link below.


Use the public read-only username and password shown on the login page banner.



Ransomware Roundup - Underground