Ransomware crews frequently reuse the tooling, infrastructure, and playbooks of more established groups. Two newly named extortion groups, TommyLeaks and SchoolBoys, have been observed following in the footsteps of Conti and Karakurt, raising suspicion that the two are connected to each other and to that older lineage.

Let’s check out the similarities

According to an analysis by BleepingComputer, TommyLeaks and SchoolBoys appear to be run by the same ransomware operation, based on two observations.
  • In a SchoolBoys negotiation chat, the gang greeted its victim as TommyLeaks while attempting to extort a ransom.
  • Both groups use the same Tor-based chat system for their extortion negotiation sites, a system that, until now, had only been seen in use by Karakurt.

The strong ties between Karakurt and Conti were uncovered earlier this year. Karakurt emerged in late 2021 after a fall in the number of successful attack attempts by the Conti group.

A bit about the past

  • TommyLeaks was first spotted by MalwareHunterTeam in September, breaching corporate networks, stealing data, and demanding a ransom for its non-disclosure. Its ransom demands have typically ranged from $400,000 to $700,000.
  • A few days ago, MalwareHunterTeam identified another new gang, dubbed SchoolBoys, which both steals data and encrypts victims' devices. Notably, its encryptor was built with the leaked LockBit 3.0 builder rather than a bespoke payload.

Worth noting

Earlier evidence of a connection could not confirm that TommyLeaks and SchoolBoys used the same chat system as Karakurt; subsequent research has since established the shared infrastructure. Although it is not known why the operation uses two different names, researchers suspect it may simply be another Conti and Karakurt-style pairing, with one brand handling data-theft extortion and the other encryption-based attacks.
Cyware Publisher