Groove Ransomware Calls All Gangs to Unite Against the U.S.

What happened?

• The message makes an appeal to all other ransomware gangs to stop competing and unite against the U.S.
• The message provides a reference to the recent arrests and other actions taken by federal agencies against ransomware gangs (supposedly REvil).
• The post also tells all the gangs to avoid targeting Chinese companies. 
• According to the post, China is the next potential safe haven for them in case Russia decides to stop tolerating ransomware operations and start taking action against them.

Groove’s Babuk connection and an Orange suspect

• In July 2021, a threat actor previously associated with Babuk Ransomware operations launched the RAMP hacking forum after the group announced its retirement from the ransomware business.
• The actor, known as Orange, used admin rights on Babuk's Tor site to host the hacking forum. Recently, he announced a change of administration of the forum.
• Moreover, another post by this threat actor suggested that it will soon initiate a new ransomware operation aimed at hospitals and government agencies in the U.S.
• Now, researchers studied this common ground of interest and implied relations between Groove’s post on the Russian blog post and the aforementioned posts by Orange.

Ending notes