New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame


Cybersecurity researchers at Netenrich have uncovered a new ransomware group called Red Ransomware Group (Red CryptoApp). This group operates differently from typical ransomware outfits, adding a twist to their extortion tactics.

Unlike most ransomware groups that keep their operations under wraps, Red CryptoApp appears to be taking an aggressive approach. According to Netenrich, the group has established a “wall of shame” where they publish the names of companies they have successfully targeted. This tactic aims to humiliate victims and pressure them into paying the ransom to have their names removed.

Maze Ransomware and Red Ransomware Group

Although the origins of the Red CryptoApp ransomware are yet unknown based on the listing on its dark web leak site, it is believed that the group started their operation in February 2024.

Red Ransomware Group Red CryptoApp
Ransomware note of the Red Ransomware Group Red CryptoApp (Screenshot: Hackread.com)

It is also worth mentioning that, researchers have noted some similarities between one of the ransomware notes written by the group and the Maze ransomware gang in 2020. It could be a coincidence; therefore, it is unclear if Red Ransomware Group is a spinoff of the Maze gang which shut down its operation in November 2020.

Netenrich’s blog post offers a technical breakdown of the Red CryptoApp ransomware. While specific details haven’t been widely shared to avoid giving attackers an advantage, the report indicates Red CryptoApp uses file encryption techniques to render a victim’s data inaccessible. In case, a targeted system is successfully compromised its files will add a .REDCryptoApp extension to them.

Targeted Countries and Industries

A look at the Red CryptoApp ransomware gang’s wall of shame, the United States stands as the primary target with five victims in total, followed by various other countries including Denmark, India, Spain, Italy, Singapore, and Canada.

As for the targeted industries, the software and manufacturing sectors emerge as the most frequently targeted industries, with additional focus observed in education, construction, hospitality, and IT sectors.

Red Ransomware Group Red CryptoApp
Red Ransomware Group’s (Red CryptoApp) dark web leak site

Preparation Yourself

The emergence of Red CryptoApp ransomware shows how this threat has evolved over the years. Organizations must be prepared to defend themselves against various attack methods.

Netenrich emphasizes the importance of regular data backups, proper security practices, and user education on phishing attempts, which are a common entry point for ransomware attacks.

  1. LockBit Ransomware Gang Returns, Taunts FBI
  2. Ransomware Attacks Are Now Targeting Backups
  3. TeamViewer Exploited to Obtain to Deploy Ransomware
  4. Dark Web Tool Arms Ransomware Targeting Aviation Industry
  5. US-Led Alliance of 40 Countries to Combat Ransomware Threat





Source link