Werewolves

Malware updated 22 days ago (2024-11-29T14:50:14.303Z)
Download STIX
Preview STIX
The Werewolves group, a new entrant into the malware scene, has been identified as a significant threat due to its use of LockBit3 ransomware and leaked Conti source code. The group, which was first reported by Russian cybersecurity firm F.A.C.C.T. in November 2023, began its operations in June 2023, primarily targeting Russian entities. Since their inception, they have expanded their reach to include victims in the U.S. and Europe, with a total of 26 known targets to date. Their activities have seen them rise rapidly through the ranks of ransomware groups, entering the top three for the first time. In addition to its wide geographic spread, the Werewolves group has also made headlines for its aggressive tactics. They claim that any stolen data is subject to "a criminal legal assessment, a commercial assessment, and an assessment in terms of insider information for competitors." In one instance, the group even threatened to expose an employee at a targeted company who was allegedly searching for child sexual abuse material unless the company paid the ransom. This approach underscores the group's willingness to exploit sensitive information to achieve their objectives. Looking ahead to 2024, the cybersecurity landscape is expected to continue evolving, with the Werewolves group among those predicted to persist. Other emerging groups such as Cactus, Rhysida, 8base, Hunters International, and Akira are also being closely watched. The Cyber Express is monitoring these developments closely, highlighting the importance of vigilance against these threats. As the story continues to unfold, it will be crucial to stay informed about the latest activities of the Werewolves group and other emerging threats.
Description last updated: 2024-09-02T10:15:42.397Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Akira Malware is associated with Werewolves. Akira is a potent ransomware that has been active since 2023, known for its aggressive encryption tactics and swift deployment. This malware, which brings a unique '80s aesthetic to the dark web, has quickly risen in prominence within the cybercrime landscape. It has targeted hundreds of victims gloUnspecified
2
The Lockbit Malware is associated with Werewolves. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
2