The TommyLeaks and SchoolBoys Ransomware Gangs Share a Common Enemy

New extortion gangs, TommyLeaks and SchoolBoys, have emerged out of China, attacking companies around the world with dangerous extortion threats. The two are connected, and there is one catch: both are part of the same ransomware gang.

Earlier this month, security researcher MalwareHunterTeam warned of a new extortion gang called TommyLeaks that was trying to extort companies.

Companies claim that the hacking group has breached their networks, stolen data, and demanded a ransom not to leak this data. BleepingComputer recently reported that ransom demands ranged from $400,000 to $700,000.

MalwareHunterTeam discovered yet another ransomware extortion gang in October, dubbed ‘SchoolBoys Ransomware Gang’. They claim to use ransomware to steal data from victims and encrypt their devices as part of their extortion campaigns.

The threat actors steal data during their attacks. However, no public data leak site is yet known to have been used to leak that data.

Even though there was nothing that connected the two groups at the time, they both used the same Tor chat system to negotiate over the privacy of their members.

What is even more suspicious about the use of this particular chat system is that it had previously only been used by the Karakurt extortion group.

BleepingComputer reported this week that TommyLeaks and SchoolBoys Ransomware Gang are both part of the same extortion group called the SchoolBoys Ransomware Gang, also called TommyLeaks.

During a SchoolBoys negotiation chat that BleepingComputer saw, the threat actors appeared to address their victim as TommyLeaks in their attempt to coerce a ransom payment from him.

Although it is not entirely clear why they are using two different names for their operation, they may be trying to take an approach similar to that of Conti and Karakurt.

As previously reported by BleepingComputer, AdvIntel CEO Vitali Kremez has revealed that Karakurt is a member of the Conti cybercrime syndicate and a member of the DefConti crime family.
