October 3, 2024 at 06:13AM
An extortionist, “PaidMemes,” has used the BabyLockerKZ ransomware variant to attack over 100 organizations per month since 2022. The attacks initially targeted European businesses before shifting to Central and South America. “PaidMemes” targets small to medium-sized enterprises and demands payments averaging $30,000-$50,000. The attacker exploits publicly available tools and compromised credentials to gain unauthorized access.
The meeting notes state that an extortionist, known as “PaidMemes,” has been using a new variant of MedusaLocker ransomware, called “BabyLockerKZ,” to infect over 100 organizations per month since at least 2022. These attacks have targeted businesses globally, with a focus on Europe, Central and South America, and various other countries like the US, UK, Hong Kong, South Korea, Australia, and Japan. The victims include small and medium-sized businesses across different industries. The attacker has been obtaining ransom payments ranging from $30,000 to $50,000 from these businesses. The attacker’s tools include network scanners, malware to disable antivirus software, Mimikatz to dump Windows user credentials, and other freely available code. The criminal tends to use compromised computers’ folders to store the attack tools. The meeting also discussed the challenges small and medium-sized businesses face in protecting against ransomware and the potential for a rise in ransomware activity targeting these businesses in the future.