• About
  • Advertise
  • Careers
  • Contact Us
Wednesday, June 25, 2025
  • Login
No Result
View All Result
NEWSLETTER
Tech | Business | Economy
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Home Business Security

Sophos Uncovers New Connections Between Hive, Royal, and Black Basta Ransomware

by Techeconomy
August 14, 2023
in Security
1
Sophos Uncovers ransomware groups
Sophos (logo)

Sophos Uncovers ransomware groups

UBA
Advertisements

…Recent Attacks Suggest the Three Ransomware Groups Are Sharing Playbooks or Affiliates

Sophos, a global leader in innovating and delivering cybersecurity as a service, released new findings into the connections between the most prominent ransomware groups this past year, including Royal, in its report, “Clustering Attacker Behavior Reveals Hidden Patterns.”

Over the course of three months beginning in January 2023, Sophos X-Ops investigated four different ransomware attacks, one involving Hive, two by Royal, and one by Black Basta, and noticed distinct similarities between the attacks.

Sophos Uncovers ransomware groups
Advertisements
MTN ADS
Sophos uncovers ransomware groups (Diagram: Sophos)

Despite Royal being a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.

Sophos is tracking and monitoring the attacks as a “cluster of threat activity” that defenders can use to speed up detection and response times.

“Because the ransomware-as-a-service model requires outside affiliates to carry out attacks, it’s not uncommon for there to be crossover in the tactics, techniques, and procedures (TTPs) between these different ransomware groups. However, in these cases, the similarities we’re talking about are at a very granular level. These highly specific, unique behaviors suggest that the Royal ransomware group is much more reliant on affiliates than previously thought. The new insights we’ve gained about Royal’s work with affiliates and possible ties to other groups speak to the value of Sophos’ in-depth, forensic investigations,” said Andrew Brandt, principal researcher, Sophos.

The unique similarities include using the same specific usernames and passwords when the attackers took over systems on the targets, delivering the final payload in .7z archive named after the victim organization, and executing commands on the infected systems with the same batch scripts and files.

Sophos X-Ops succeeded in uncovering these connections following a three-month long investigation into four ransomware attacks.

The first attack involved Hive ransomware in January 2023. This was followed by Royals’ attacks in February and March 2023 and, later, in March, Black Basta’s. Near the end of January this year, a large portion of Hive’s operation was disbanded following a sting operation by the FBI. This operation could have led Hive affiliates to seek new employment—perhaps with Royal and Black Basta—which would explain the similarities in the ensuing ransomware attacks.

Because of the similarities between these attacks, Sophos X-Ops began tracking all four ransomware incidents as a cluster of threat activity.

“While threat activity clusters can be a stepping stone to attribution, when researchers focus too much on the ‘who’ of an attack, then they can miss critical opportunities for strengthening defenses. Knowing highly specific attacker behavior helps managed detection and response teams react faster to active attacks. It also helps security providers create stronger protections for customers. When protections are based on behaviors, it doesn’t matter who is attacking—Royal, Black Basta, or otherwise—potential victims will have the necessary security measures in place to block subsequent attacks that display some of the same distinct characteristics,” said Brandt.

So far this year, Royal ransomware is the second most frequently encountered ransomware family by Sophos Incident Response.

Loading

Author

  • Techeconomy
    Techeconomy

    View all posts
0Shares
Tags: Ransomware GroupSophos
Techeconomy

Techeconomy

Next Post
Nigeria Inflation July 2023 by Lukman Otunuga | Trump Tariffs

Week Ahead: Nigeria Inflation, Fed Minutes and Oil in Focus

Comments 1

  1. Pingback: Key Findings In Sophos State Of Ransomware In Healthcare 2023 - News Curators

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recommended

ALX Nigeria

ALX Nigeria Moves More Than 12,000 Youths Closer to Jobs in Six Months

10 months ago
Decoding the Significance: What Happens as Tinubu Signs Data Protection Bill to Law?

Decoding the Significance: What Happens as Tinubu Signs Data Protection Bill to Law?

2 years ago

Popular News

    Connect with us

    • About
    • Advertise
    • Careers
    • Contact Us

    © 2025 TECHECONOMY.

    No Result
    View All Result
    • News
    • Tech
      • DisruptiveTECH
      • ConsumerTech
      • How To
      • TechTAINMENT
    • Business
      • Telecoms
      • Mobility
      • Environment
      • Travel
      • StartUPs
        • Chidiverse
      • TE Insights
      • Security
    • Partners
    • Economy
      • Finance
      • Fintech
      • Digital Assets
      • Personal Finance
      • Insurance
    • Features
      • IndustryINFLUENCERS
      • Guest Writer
      • EventDIARY
      • Editorial
      • Appointment
    • TECHECONOMY TV
    • Apply
    • TBS
    • BusinesSENSE For SMEs

    © 2025 TECHECONOMY.

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In
    Translate »
    This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.