November 8, 2023 at 04:44PM
Farnetwork, a prolific cybercriminal, was exposed after engaging with researchers posing as potential associates. Farnetwork was responsible for multiple strains of ransomware, including Nefilim, Karma, Nemty, and JSWORM. The cybercriminal had affiliations with the now-defunct Nokoyawa ransomware group and was actively recruiting for their operations. Despite retirement claims, experts predict Farnetwork will continue to develop new ransomware and orchestrate criminal activities in the future.
Key Takeaways:
1. Group-IB researchers encountered a threat actor named “farnetwork” during an undercover operation.
2. Farnetwork is involved in the ransomware-as-a-service (RaaS) business and is responsible for at least five different strains of ransomware.
3. The researcher posing as a potential affiliate learned that farnetwork already had access to various enterprise networks and needed someone to deploy the ransomware and collect payments.
4. The proposed ransomware operation involved a profit-sharing agreement, with the Nokoyawa affiliate receiving 65% of the extortion money, the botnet owner getting 20%, and farnetwork receiving 15%.
5. Farnetwork’s criminal activities can be traced back to 2019, and they have been involved with ransomware strains such as JSWORM, Karma, Nemty, and Nefilim.
6. Nefilim’s RaaS program alone had more than 40 victims.
7. Although Nokoyawa closed its RaaS operation and farnetwork announced retirement, Group-IB researchers believe that the threat actor will likely resurface in the future with a new strain of ransomware or involvement in other criminal operations.