- Researchers suggest a strong link between data breaches and ransomware attacks.
- They discovered a partnership between a threat actor called -TMT- and the REvil ransomware group.
Researchers from Advanced Intelligence have published a report about the underground syndicates powering targeted ransomware attacks in 2019.
- Breaching networks and accessing data do not provide much monetary value unless the data is sold on the dark web.
- Ransomware groups can help with the problem of monetization by renting or buying the breached data.
“In 2018 and 2019 many skilled hackers were able to find their niche in the community by using intrusion skills to help the new generation of ransomware groups,” wrote the researchers.
Analyzing the -TMT- and REvil partnership
A threat actor who goes by the name of ‘-TMT-’ has been observed to be working with the REvil ransomware group since August 2019, supporting REvil’s crypto locker uploads.
- The partnership is believed to have initially formed because both of them shared specialization in admin panel compromises.
- Sources state that the actor behind -TMT- has an established connection with a key REvil affiliate who goes by the name of ‘Lalartu’.
- Lalartu and -TMT- have offered their services to high-profile syndicates.
The report also outlines the tactics, techniques, and procedures of the -TMT- threat actor.
Why it matters
Researchers say that with the rise of new ransomware teams that rely on outside sources for breaching networks, hackers who can intrude networks can securely monetize the fraudulent access.
It is also said that the alliance between -TMT- and REvil ransomware group is one of the many partnerships that the researchers came across on the dark web.