On Friday 22nd of October 2021, the Groove ransomware gang published a Russian-language blog post calling on all other ransomware operations to target US interests. The post follows the takedown of REvil in an international law enforcement operation that included support from the FBI.
“I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors – the Chinese!” – the Groove ransomware gang.
The Groove ransomware gang also warns ransomware operations not to target Chinese companies, stating that it plans to move its operations to China if Russia ends up taking a stronger stance on cybercrime based in Russia.
The responses to this announcement from other ransomware gangs were mixed. Orange, a threat actor known for launching the RAMP forum in July 2021, put out a post about purchasing access to data from U.S. hospitals and government agencies after posting about stepping down as the forum’s admin to pursue a new operation. Other threat actors, like Arvin Club, were happy with the end of REvil, but the response from most other ransomware gangs, like Conti, was in line with supporting the Groove gang’s announcement, where they described ransomware attacks as “the art of pen-testing corporate data security, information systems, and network security,” and questioned the legitimacy of the hack of REvil’s server.