Pinchy Spider

Threat Actor Profile Updated 3 months ago
Pinchy Spider is a prominent threat actor in the cybersecurity landscape, notorious for its involvement in ransomware and data extortion activities. The group emerged as a significant player with the advent of Ransomware-as-a-Service (RaaS), vowing to be the first ransomware gang to amass $2 billion in ransom payments. By December 2019, Pinchy Spider had already targeted a managed service provider (MSP) with its REvil ransomware, demanding a staggering $6 million USD payment. The group holds the record for receiving the largest known ransom payment in history, a hefty sum of $10 million for a single attack.

In response to the increasing global impact of the COVID-19 pandemic in early 2020, Pinchy Spider began capitalizing on a new trend: stealing data and further extorting victims to pay for their data not to be publicly leaked. This tactic suggested that non-compliant victims might face fines under the EU's General Data Protection Regulation (GDPR).

Prior to this shift, Pinchy Spider had been involved with GandCrab operations, which continued to evolve throughout the first half of 2019. On May 31, 2019, they announced an end to these operations, claiming their affiliates had made $2 billion USD over the previous year and that Pinchy Spider themselves netted $150 million USD.

Following the lifting of targeting restrictions in the United States, Pinchy Spider was associated with a second breach targeting JBS, leading to additional statements from the U.S. Department of Justice indicating that ransomware investigations would be conducted similarly to counterterrorism investigations. As a result of the increased scrutiny, Pinchy Spider issued new rules for their REvil RaaS affiliates, necessitating the screening of potential ransomware victims prior to infection. Despite these changes, Pinchy Spider remains one of the most prevalent threat actors in the cybercrime arena.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| REvil | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Antivirus
RaaS
Extortion
Ransom
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Gandcrab | Unspecified | 1 | GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Of Russian origin and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Pinchy Spider Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | 6 months ago | RaaS kits will be a problem in 2024 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| MITRE | 7 months ago | The Evolution of PINCHY SPIDER from GandCrab to REvil \| CrowdStrike |