Defray

Threat Actor Profile Updated 13 days ago
Defray is a malicious threat actor group, also tracked as Hive0091, that operates several ransomware strains including Defray, Ryuk, and BitPaymer. The group is also responsible for the RansomExx operation, the PyXie malware, and the Vatet loader. The cybersecurity industry regards it as a significant player in malicious activity; its operations can cause severe consequences for targeted entities, including data loss, operational disruption, and reputational damage.

In May 2023, the newly emergent MichaelKors ransomware-as-a-service (RaaS) operation began targeting VMware ESXi and Linux systems, following tactics already employed by several ransomware gangs, including Defray, ALPHV/BlackCat, ESXiArgs, LockBit, Play, Rook, Black Basta, and Rorschach. The continued evolution of these e-crime outfits signals an increasing threat to organizations worldwide, particularly those relying on vulnerable platforms such as VMware ESXi and Linux systems.

Cyber insurance policies can provide a financial cushion to defray recovery costs, but they cannot restore lost data, disrupted operations, or a damaged reputation. As Dirk Schrader, VP of Security Research at Netwrix, points out, the impact of a security incident extends well beyond immediate financial losses. Organizations therefore need to prioritize resilient security measures, including defenses against advanced threats such as AI-powered phishing, to protect their assets and operations effectively.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Defray threat actor was read from the document corpus below. This display is limited to 20 results.
Source (Created At): Title
CERT-EU (a year ago): VMware ESXi, Linux systems targeted by new MichaelKors RaaS operation | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
DARKReading (a year ago): Netwrix Annual Security Survey: 68% of Organizations Experienced a Cyberattack Within the Last 12 Months
CERT-EU (a year ago): In focus: MDR for finance
SecurityIntelligence.com (a year ago): RansomExx Upgrades to Rust
CERT-EU (a year ago): 68% of organisations experienced a known cyberattack within the last 12 months
CERT-EU (5 months ago): Establishing Business Continuity in the Aftermath of a Ransomware Attack | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (a year ago): New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
CERT-EU (a year ago): Royal ransomware attack recovery in Dallas to take weeks
CERT-EU (6 months ago): Commentary: How will money changers fare in a world of multi-currency apps?
Secureworks (a year ago): Ransomware Evolution