{"id":8392,"date":"2023-05-15T15:18:07","date_gmt":"2023-05-15T06:18:07","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8392"},"modified":"2023-05-30T15:20:04","modified_gmt":"2023-05-30T06:20:04","slug":"cisco-talos-reveals-ra-group-ransomware-targeting-usa-and-south-korean-organisations","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/cisco-talos-reveals-ra-group-ransomware-targeting-usa-and-south-korean-organisations\/","title":{"rendered":"Cisco Talos reveals RA Group ransomware targeting USA and South Korean organisations"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8392\" class=\"elementor elementor-8392\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-971a550 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"971a550\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f57912\" data-id=\"1f57912\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-71b4d7c elementor-widget elementor-widget-text-editor\" data-id=\"71b4d7c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Monday 15th of May 2023, Cisco Talos revealed a new ransomware group named &#8216;RA Group&#8217; that is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea.<\/p><p>The blog post covering the group revealed that their operation started in April 2023, when they launched a data leak site on the dark web on Sunday 22nd of April 2023 while 
the first batch of victimized organisations was\u00a0published on Thursday 27th of April 2023.<\/p><p>A notable characteristic of RA Group is that their encryptor is based on the\u00a0leaked source code for the Babuk ransomware. An analysis of the encryptor revealed that it uses\u00a0intermittent encryption, alternating between encrypting and skipping sections of a file, to speed up encryption. Another notable characteristic of RA Group is that each attack features a custom ransom note written specifically for the targeted organization, while the executable is also named after the victim. In the ransom notes, the group claim to give victims three days before a sample of stolen data is published on extortion sites.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Monday 15th of May 2023, Cisco Talos revealed a new ransomware group named &#8216;RA Group&#8217; that is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea. 
The blog post covering the group revealed that their operation started in April 2023, when they launched a data leak site on the dark web on Sunday<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8397,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[225,6,10,221,12,9,2,7,8,1],"tags":[],"class_list":["post-8392","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-heavy-industry","category-latest_news","category-latest_vulnerabilities","category-national-infrastructure","category-read_article","category-ransomware_criminals","category-ce_news","category-by_country","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2023\/05\/Picture1-9.jpg?fit=1377%2C1033&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8392"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8392"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8392\/revisions"}],"predecessor-version":[{"id":8400,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8392\/revisions\/8400"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8397"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}