Embargo ransomware has extorted $34.2 million since it first appeared in April 2024, targeting victims across the healthcare, business and manufacturing sectors, according to TRM Labs research.
Most victims are located in the United States, where ransom demands have reached up to $1.3 million per attack.
The e-crime group has hit high-profile targets, including American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho.
TRM Labs has traced about $18.8 million in victim funds that remain dormant in unattributed wallets.
Suspected BlackCat rebrand
According to TRM Labs, Embargo may be a rebrand of the collapsed ALPHV/BlackCat ransomware group, based on technical similarities and shared infrastructure.
Both groups use the Rust programming language and maintain near-identical data leak site designs and functionality.
On-chain analysis revealed that historical addresses associated with BlackCat moved cryptocurrency into wallet clusters linked to Embargo victims.
This link indicates that Embargo's operators inherited or built on the BlackCat operation after its 2024 exit scam.
Embargo operates under the ransomware-as-a-service (RaaS) model, supplying tooling to affiliates while retaining control of core operations and payment negotiations. This structure allows rapid scaling across multiple sectors and geographic regions.
Embargo uses advanced laundering methods
The group uses sanctioned platforms such as Cryptex.net, high-risk exchanges and intermediary wallets to launder stolen cryptocurrency.
Between May and August 2024, TRM Labs observed about $13.5 million in deposits made through various virtual asset service providers (VASPs), including more than $1 million routed through Cryptex.net.
Embargo avoids heavy reliance on mixers; instead it routes transactions through multiple intermediary addresses before depositing the funds directly at exchanges.
The group was observed using a mixing service only in limited cases, with just two specific deposits identified.
The operators deliberately leave funds dormant at various stages of the laundering process, most likely to disrupt tracing or to wait for favourable conditions such as reduced media attention or lower network fees.
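The laundering pattern described above (funds hopping through several intermediary addresses before an exchange deposit, with some of them parked for weeks) is what a blockchain analyst has to surface when tracing a ransom payment. The following is an added example, not code from TRM Labs or from the original article: it walks a small constructed ledger forward from a victim's payment address, reports every path that ends at an exchange deposit address, the number of intermediaries on it and the longest idle gap between hops, and lists addresses still holding a positive balance. All address labels, the exchange attribution set and the transactions are synthetic assumptions.

```python
"""Forward-trace a ransom payment through intermediary hops to exchange
deposit addresses and flag dormancy gaps.

Constructed example: the ledger, address labels and the exchange-deposit
attribution below are synthetic assumptions, not TRM Labs data.
"""
from collections import defaultdict
from datetime import datetime

# (txid, sender, receiver, amount_btc, iso_timestamp); constructed, not real
LEDGER = [
    ("t0", "hop_b",      "exch_dep_3", 0.5,  "2024-04-01T00:00:00"),  # predates ransom: must be ignored
    ("t1", "victim_pay", "hop_a",      10.0, "2024-05-01T10:00:00"),  # ransom payment
    ("t2", "hop_a",      "hop_b",      6.0,  "2024-05-01T12:00:00"),
    ("t3", "hop_a",      "hop_c",      3.0,  "2024-05-01T12:05:00"),  # 1.0 BTC stays parked in hop_a
    ("t4", "hop_b",      "exch_dep_1", 6.0,  "2024-05-02T09:00:00"),
    ("t5", "hop_c",      "hop_d",      3.0,  "2024-07-20T08:00:00"),  # ~80 days dormant in hop_c
    ("t6", "hop_d",      "exch_dep_2", 3.0,  "2024-07-21T08:00:00"),
]
# Assumed (hypothetical) attribution of deposit addresses to exchanges.
EXCHANGE_DEPOSITS = {"exch_dep_1", "exch_dep_2", "exch_dep_3"}


def _ts(s):
    return datetime.fromisoformat(s)


def outgoing_index(ledger):
    """Map each sender address to its outgoing transactions, oldest first."""
    out = defaultdict(list)
    for tx in sorted(ledger, key=lambda t: t[4]):
        out[tx[1]].append(tx)
    return out


def trace_to_exchanges(start, ledger, exchange_addrs, max_hops=10):
    """Depth-first walk from `start` along outgoing payments.

    Only transactions dated at or after the hop that delivered funds to an
    address are followed, so earlier activity at a reused address (t0 above)
    is not attributed to the ransom. Each result records the txids on the
    path, the number of intermediary addresses and the longest gap between
    consecutive hops, which is the dormancy signal the text describes.
    """
    out = outgoing_index(ledger)
    found = []

    def walk(addr, path, since):
        if addr in exchange_addrs:
            gaps = [(_ts(b[4]) - _ts(a[4])).days for a, b in zip(path, path[1:])]
            found.append({
                "deposit_addr": addr,
                "txids": [t[0] for t in path],
                "intermediaries": len(path) - 1,
                "max_gap_days": max(gaps, default=0),
            })
            return
        if len(path) >= max_hops:
            return
        for tx in out.get(addr, []):
            if since is not None and _ts(tx[4]) < since:
                continue  # spent before our funds arrived: not ours
            walk(tx[2], path + [tx], _ts(tx[4]))

    walk(start, [], None)
    return found


def parked_balances(ledger, exchange_addrs):
    """Non-exchange addresses still holding a positive net balance,
    i.e. funds that have not moved on yet."""
    bal = defaultdict(float)
    for _, sender, receiver, amt, _ in ledger:
        bal[sender] -= amt
        bal[receiver] += amt
    return {a: round(b, 8) for a, b in bal.items()
            if b > 0 and a not in exchange_addrs}


def dormant_paths(paths, threshold_days=30):
    """Paths on which funds sat idle at some hop for at least threshold_days."""
    return [p for p in paths if p["max_gap_days"] >= threshold_days]


if __name__ == "__main__":
    paths = trace_to_exchanges("victim_pay", LEDGER, EXCHANGE_DEPOSITS)
    for p in paths:
        print(p)
    print("dormant:", dormant_paths(paths))
    print("parked:", parked_balances(LEDGER, EXCHANGE_DEPOSITS))
```

On the constructed ledger the walk finds two exchange destinations: one reached after two intermediaries within a day, and one reached after three intermediaries with a 79-day idle gap at hop_c, which the 30-day dormancy threshold flags. The April deposit from hop_b to exch_dep_3 is correctly excluded because it predates the hop that delivered the ransom funds to hop_b, and the 1.0 BTC left in hop_a shows up as a parked balance. On real chain data the same walk needs UTXO-level rather than address-level edges and a proper attribution source for deposit addresses, but the chronology filter and the gap measurement are the parts that carry over.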
Embargo specifically targets healthcare organizations to increase its financial leverage through operational disruption.
Attacks on healthcare can directly affect patient care, with potentially life-threatening consequences, and create pressure to pay the ransom quickly.
The group uses double extortion: it encrypts files while also exfiltrating sensitive data. Victims that refuse to pay face threats of data leaks or dark web sales, compounding the financial damage with reputational and regulatory consequences.