Werewolves

Malware updated 2 months ago (2024-09-02T10:18:53.031Z)
The Werewolves group, a new entrant into the malware scene, has been identified as a significant threat due to its use of LockBit3 ransomware and leaked Conti source code. The group, which was first reported by Russian cybersecurity firm F.A.C.C.T. in November 2023, began its operations in June 2023, primarily targeting Russian entities. Since their inception, they have expanded their reach to include victims in the U.S. and Europe, with a total of 26 known targets to date. Their activities have seen them rise rapidly through the ranks of ransomware groups, entering the top three for the first time.

In addition to its wide geographic spread, the Werewolves group has also made headlines for its aggressive tactics. They claim that any stolen data is subject to "a criminal legal assessment, a commercial assessment, and an assessment in terms of insider information for competitors." In one instance, the group even threatened to expose an employee at a targeted company who was allegedly searching for child sexual abuse material unless the company paid the ransom. This approach underscores the group's willingness to exploit sensitive information to achieve their objectives.

Looking ahead to 2024, the cybersecurity landscape is expected to continue evolving, with the Werewolves group among those predicted to persist. Other emerging groups such as Cactus, Rhysida, 8base, Hunters International, and Akira are also being closely watched. The Cyber Express is monitoring these developments closely, highlighting the importance of vigilance against these threats. As the story continues to unfold, it will be crucial to stay informed about the latest activities of the Werewolves group and other emerging threats.
Description last updated: 2024-09-02T10:15:42.397Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
Alias Description | Association Type | Votes
The Akira Malware is associated with Werewolves. Akira is a notorious malware, specifically a ransomware, that has been active since April 2023. It utilizes dual extortion tactics to compromise various industries, as outlined in a technical analysis shared by cybersecurity researchers. The ransomware's modus operandi includes stealing sensitive da | Unspecified | 2
The Lockbit Malware is associated with Werewolves. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat | Unspecified | 2