CosmicBeetle, a well-known threat actor in the cybersecurity landscape, has recently introduced a new ransomware variant dubbed ScRansom. This custom ransomware strain has been deployed in attacks targeting small- and medium-sized businesses (SMBs) across Europe, Asia, Africa, and South America. ScRansom represents a notable evolution from CosmicBeetle’s previous ransomware, Scarab, and is designed to infiltrate a wide range of sectors, including manufacturing, pharmaceuticals, legal, education, healthcare, technology, hospitality, and finance. The move underscores CosmicBeetle’s ongoing efforts to enhance their attack methodologies and extend their operational reach.
ScRansom is equipped with advanced features that make it particularly effective in compromising targeted systems. The ransomware is known for its sophisticated encryption capabilities and an “ERASE” mode that ensures files are rendered irrecoverable by overwriting them. CosmicBeetle has also integrated various tools such as Reaper and Darkside to disable security processes and avoid detection before deploying ScRansom. This approach highlights the actor’s technical proficiency and their commitment to overcoming security defenses.
In a significant development, CosmicBeetle is also reportedly collaborating with the RansomHub group. This partnership is notable as it suggests a strategic effort to leverage RansomHub’s infrastructure and resources to enhance the effectiveness of ScRansom. The deployment of both ScRansom and RansomHub payloads on the same machine within a short timeframe indicates a sophisticated level of coordination between the two entities. This collaboration may provide CosmicBeetle with additional avenues for targeting and a broader attack surface.
The emergence of ScRansom and the alliance with RansomHub illustrate a growing trend of ransomware actors refining their tools and forming partnerships to maximize their impact. As CosmicBeetle continues to adapt and innovate, the cybersecurity community must remain vigilant and proactive in developing countermeasures to mitigate the threat posed by these advanced ransomware campaigns.
Reference:
