The Russian-speaking group behind the infamous RTM banking trojan is now packing a trifecta of threats as it turns up the heat, as part of a massive new money-grab campaign. Beyond the banking malware it is known for, the attackers have enlisted a recently discovered ransomware family called Quoter as part of a new double-extortion cyberattack strategy.

The triple-threat attack, which started its “active phase” in December 2020 and is ongoing, has hit at least ten Russian organizations in the transport and finance sectors via malicious email messages, according to Kaspersky in a report released this week.

Should the money-stealing tactics of the RTM group’s hallmark Trojan-Banker.Win32.RTM payload fail, the attackers have a backup plan. Plan “B” is to deploy a never-before-seen ransomware family, which researchers are calling Quoter. The name Quoter is derived from the fact that the ransomware code embeds quotes from popular movies. Next, if the attackers hit a brick wall, they try to extort money from victims, threatening to release breached data stolen from the targets if they don’t pay up.

“What’s remarkable about this story is the evolution of the group behind the RTM ransomware,” according to a translation of Kaspersky’s research report. The researchers said the group has gone far beyond its tried-and-true methods of “making money” and moved on to extortion and doxing. They added that it’s unusual for Russian-speaking cybercriminals to attack organizations in Russia, although the ransomware is also…