Defray

Defray is a malicious threat actor group, also known as Hive0091, that operates various ransomware strains such as Defray, Ryuk, and BitPaymer. They are also responsible for the RansomExx operation, PyXie malware, and Vatet loader. The cybersecurity industry identifies this group as a significant player in the execution of actions with harmful intent. These operations can lead to severe consequences for targeted entities, including data loss, operational disruption, and reputational damage. In May 2023, the newly emergent MichaelKors ransomware-as-a-service (RaaS) operation began targeting VMware ESXi and Linux systems. This move followed similar tactics employed by several ransomware gangs, including Defray, ALPHV/BlackCat, ESXiArgs, LockBit, Play, Rook, Black Basta, and Rorschach. The continued evolution of these e-crime outfits signifies an increasing threat to organizations worldwide, particularly those relying on vulnerable platforms like VMware ESXi and Linux systems. Despite the financial cushion provided by cyber insurance policies to defray recovery costs, they cannot restore lost data, disrupted operations, or damaged reputation. As Dirk Schrader, VP of Security Research at Netwrix, points out, the impact of security incidents extends beyond immediate financial losses. Therefore, organizations need to prioritize resilient security measures, including defenses against advanced threats like AI-powered phishing, to protect their assets and operations effectively.