Pinchy Spider

Pinchy Spider is a prominent threat actor in the cybersecurity landscape, notorious for its involvement in ransomware and data extortion activities. The group emerged as a significant player with the advent of Ransomware-as-a-Service (RaaS), vowing to be the first ransomware gang to amass $2 billion in ransom payments. By December 2019, Pinchy Spider had already targeted a managed service provider (MSP) with its REvil ransomware, demanding a staggering $6 million USD payment. The group holds the record for receiving the largest known ransom payment in history, a hefty sum of $10 million for a single attack. In response to the increasing global impact of the COVID-19 pandemic in early 2020, Pinchy Spider began capitalizing on a new trend: stealing data and further extorting victims to pay for their data not to be publicly leaked. This tactic suggested that non-compliant victims might face fines under the EU's General Data Protection Regulation (GDPR). Prior to this shift, Pinchy Spider had been involved with GandCrab operations, which continued to evolve throughout the first half of 2019. On May 31, 2019, they announced an end to these operations, claiming their affiliates had made $2 billion USD over the previous year and that Pinchy Spider themselves netted $150 million USD. Following the lifting of targeting restrictions in the United States, Pinchy Spider was associated with a second breach targeting JBS, leading to additional statements from the U.S. Department of Justice indicating that ransomware investigations would be conducted similarly to counterterrorism investigations. As a result of the increased scrutiny, Pinchy Spider issued new rules for their REvil RaaS affiliates, necessitating the screening of potential ransomware victims prior to infection. Despite these changes, Pinchy Spider remains one of the most prevalent threat actors in the cybercrime arena.