Tommyleaks

Malware updated 7 months ago (2024-11-29T14:50:27.178Z)
TommyLeaks is a malware that gained notoriety in the cybercrime world for its extensive damage and exploitation capabilities. The malicious software was reportedly used by a group known as Karakurt, which has also operated under various other aliases such as SchoolBoys Ransomware Group and Blockbit. The malware can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it's capable of stealing personal information, disrupting operations, or even holding data hostage for ransom.

In September 2022, a company received communications from TommyLeaks claiming that 4 terabytes of their data had been stolen. The attackers demanded a ransom for the deletion of this stolen data. Around the same time, the FBI attempted to contact an individual who claimed to be a researcher with additional information about the Karakurt group. This person requested approximately $365,000 in Bitcoin from the FBI in exchange for sharing details about how Karakurt also operated the Akira ransomware encryptor and used the names TommyLeaks and SchoolBoys Ransomware Group in the past.

The Karakurt group came under scrutiny when users suggested that they needed to further distance themselves from another notorious group, Conti. In response, they changed their group's name again to TommyLeaks, Schoolboys Ransomware Gang, and Blockbit. However, these efforts proved futile as recent attacks using the TommyLeaks and Schoolboys Ransomware Gang names were quickly publicly associated back to Karakurt and Conti, much to the disappointment of the users. This incident underscores the persistent threat of malware and the necessity of robust cybersecurity measures.
Description last updated: 2024-10-17T12:05:37.810Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Tommyleaks Malware was read from the documents corpus below.
Source: BankInfoSecurity (created 10 months ago)