NoEscape

Malware updated 11 days ago (2024-08-28T15:18:13.421Z)
NoEscape is a form of malware, specifically ransomware, known for infiltrating victim networks and collaborating with other ransomware affiliates like Ransomhouse and ALPHV (also known as BlackCat). These groups work together to gain access to victim networks, lock them down, and strategize on how to extort the victims. The NoEscape ransomware gang notably orchestrated a data breach against the French basketball team ASVEL in October 2023. In the last quarter of 2023, the Talos Incident Response team reported an increase in ransomware incidents involving new players including Play, Cactus, BlackSuit, and NoEscape, indicating a rise in their activity.

In December 2023, following the FBI's disruption campaign against the ALPHV ransomware operation, the LockBit ransomware group made a public call on a Russian-speaking dark web forum. They sought to recruit ALPHV and NoEscape ransomware affiliates, even inviting any ALPHV developers to join them. This move was interpreted as a sign of desperation on LockBit's part, possibly due to the increased law enforcement pressure and disruptions.

Despite its recent visibility, NoEscape has seemingly gone quiet, even taking down its data leak site. However, experts from ReliaQuest predict that this silence is only temporary. Given NoEscape's past success with multi-extortion tactics and its emergence as a rebrand of 'Avaddon', it is likely that the group will resume activity under a different name in the future. Meanwhile, the NoEscape and Play ransomware groups were observed to have increased their activities during the last quarter of 2023.
Description last updated: 2024-08-28T15:17:32.695Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Alphv | 6 | Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op
Avaddon | 5 | Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Encryption
Linux
Extortion
DDoS
Exploit
Healthcare
RaaS
Windows
ESXi
Malware
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 4 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Associated Threat Actors
ID | Type | Votes | Profile Description
Fox Kitten | Unspecified | 2 | Fox Kitten, an Iranian-based cyber espionage group active since 2017, has been identified as a significant threat actor in the cybersecurity landscape. The group primarily gains initial access through VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. Despite being backed by Ir
Source Document References
Information about the NoEscape Malware was read from the documents corpus below.
Source (created): Title
DARKReading (10 days ago): Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets
InfoSecurity-magazine (11 days ago): Iranian Hackers Secretly Aid Ransomware Attacks on US
CISA (11 days ago): Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
ESET (5 months ago): Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world
CERT-EU (6 months ago): The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Trend Micro (7 months ago): LockBit Attempts to Stay Afloat with a New Version
Unit42 (7 months ago): Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
InfoSecurity-magazine (7 months ago): LockBit Reigns Supreme in Soaring Ransomware Landscape
CERT-EU (8 months ago): Ransomware Activity Surged in 2023, Likely to Evolve in 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): The Top 10 Ransomware Groups of 2023
CERT-EU (9 months ago): Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team
CERT-EU (9 months ago): Ransomware attacks up 81% year-on-year in October | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (9 months ago): Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more | IT World Canada News
CERT-EU (9 months ago): NYC Bar Association breach exposes over 27K members' data
CERT-EU (10 months ago): Cyberattackers leaked data of 27,000 NYC Bar Association members
CERT-EU (10 months ago): Significant drop in ransomware but threat remains for UK
CERT-EU (10 months ago): Blacksuit Ransomware linked to Royal Ransomware - Cybersecurity Insiders
Malwarebytes (10 months ago): Ransomware review: October 2023
Fortinet (10 months ago): Ransomware Roundup – NoEscape
CERT-EU (10 months ago): Royal ransomware may soon rebrand, BlackSuit links confirmed