Lockbit

Alias: BITWISE SPIDER

The first activities attributed to Lockbit were recorded in September 2019. The ransomware became popular in 2021 thanks to the development of the LockBit 2.0 RaaS.

The ransomware was used in attacks on more than 2,000 companies worldwide.

Lockbit uses the double extortion technique: in addition to the ransom for the data, the operators require an additional ransom for non-disclosure of sensitive data.

LockBit affiliates (or operators) often perform brute-force activities to gain RDP or VPN access to companies, and often purchase credentials in criminal marketplaces or use phishing techniques to compromise victims’ accounts.

This ransomware uses the AES algorithm in CBC mode to encrypt victims’ data.

Sources:

Conti

Alias: –

The Conti criminal group develops and maintains the RaaS (Ransomware-as-a-Service) of the same name, the first samples of which date back to 2019.

This is a highly efficient, multi-threaded ransomware used in targeted operations against large businesses. The name derives from the “.CONTI” format in which files encrypted via AES-256 and RSA-4096 are saved.

Initial access to infrastructure is often achieved through malware such as EMOTET, TRICKBOT and COBALT STRIKE, or through RDP and VPN credential theft.

Sources:

Hive

Alias: VICE SPIDER

Hive is the name of the group that develops and maintains the Hive RaaS, which appeared in 2021. To compromise victim infrastructure, the affiliates use various techniques based on initial compromise via phishing and malware.

Hive uses the double extortion technique: in addition to the ransom for the data, it requests an additional ransom for the non-disclosure of sensitive data.

Sources: