Razvrat

Razvrat is a malicious software, or malware, known for its damaging effects on computer systems. It infiltrates systems undetected through suspicious downloads, emails, or websites, with the potential to steal personal information, disrupt operations, or hold data hostage for ransom. The malware was promoted by a threat actor known as farnetwork in April 2019 on the Exploit hacker forum. Here, the JSWORM Ransomware-as-a-Service (RaaS) program was advertised, which included the RazvRAT malware. The threat actor behind Razvrat operates under multiple aliases including farnetwork, jingo, jsworm, piparkuka, and farnetworkitand, among others. According to a report shared by Group-IB with BleepingComputer, this individual has been active on several Russian-speaking hacker forums. Their main activity involves recruiting affiliates for various ransomware operations, thus expanding the reach and impact of the malware. Farnetwork initially gained attention in the cybercrime community by advertising RazvRAT, a remote access trojan, on underground forums such as RAMP. This trojan, later known as Razvrat, allowed the operator to gain unauthorized access to victim's devices. Operating under numerous aliases, farnetwork has continued to be a prominent figure in these underground communities, demonstrating the persistent and evolving threat posed by Razvrat and similar malware.