Threat actor believed to be spreading new MedusaLocker variant since 2022
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A financially motivated threat actor has been active since 2022, delivering a MedusaLocker ransomware variant called 'BabyLockerKZ'. The group targets organizations worldwide, and its focus shifted from EU countries to South American countries in mid-2023. The actor uses a combination of publicly known attack tools and custom-built software, including a lateral movement tool named 'checker'. The BabyLockerKZ variant differs from the original MedusaLocker in several respects, such as registry keys and encryption methods. The group's aggressive tactics and high volume of attacks suggest it may be an Initial Access Broker or a ransomware affiliate.
OPENCTI LABELS:
ransomware, lateral movement, credential theft, iab, financially motivated, babylockerkz, medusalocker