Groove ransomware group calls on other ransomware gangs to hit US public sector

Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US.

The Groove ransomware gang is calling on other ransomware groups to attack US public sector after a an operation of of law enforcement shut down the infrastructure of the REvil gang.

“The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.” reported the Reuters agency.

The ransomware gang published a message in Russian language on its leak site:

The message also asks other ransomware gangs to avoid targeting Chinese companies, because China could represent a safe place for ransomware gangs in case Russia will stop tolerate ransomware operations.

“In our difficult and troubled time when the US government is trying to fight us, I call on all partner programs to stop competing, unite and start fucking up the US public sector” states the message. “I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors – the Chinese!”

After the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies, the gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million).

Omri Segev Moyal, CEO and co-founder of security firm Profero, told TheRecord that the threat actors split the funds into multiple wallets. The gang is likely moving the funds to cache out its profits. Moyal shared his findings with law enforcement.

Update: The Groove gang published another post

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]