
A new Ransomware-as-a-Service (RaaS) platform dubbed DeathGrip has come into the limelight with sophisticated ransomware tools. The service is being promoted through Telegram and various underground forums and is gaining attention among attackers.
DeathGrip RaaS is notable for its use of advanced ransomware tools, including the notorious LockBit 3.0 and Chaos Builders. These tools are crafted using leaked ransomware builders, allowing users to create highly effective payloads.
According to reports, the availability of such tools on the dark web significantly lowers the barrier to entry for potential cybercriminals, enabling them to execute fully developed ransomware attacks without extensive technical knowledge and increasing the likelihood that new attackers will emerge.
The impact is already being felt, with its payloads being observed in numerous attacks. By leveraging these sophisticated tools, attackers can encrypt victims’ data and demand hefty ransoms, often in cryptocurrency, to restore access.
The proliferation of RaaS platforms like DeathGrip highlights the urgent need for enhanced cybersecurity measures and awareness. Organizations must prioritize robust security protocols, regular system updates, and employee training to mitigate the risks posed by these emerging threats.
As DeathGrip continues to expand its services, it’s highly recommended to remain vigilant and proactive in combating the evolving ransomware threat landscape.
Indicators of Compromise
- 2d566a2b94fc8b16b97200392db1bbe714c31289 DeathGrip (LockBit)
- 560065e8fbc3eb7743c74d3300d73db16141fd1f DeathGrip (Chaos/Yashma)
- 96c375b9c57292db73c7ef2f2df16cf7be1604bb DeathGrip (LockBit)
- d24fc282fb660945b87e1c41860a031f6e7ec9f6 dropper.bat
- fc9548f91123e05196dad6bcab11d29abd01500c DeathGrip (Chaos/Yashma)
- https[:]//master-repogen.vercel[.]app/file/server.scr
- https[:]//master-repogen.vercel[.]app/file/tmk.scr

