Newly emergent GLOBAL GROUP ransomware-as-a-service operation which is suspected to be a rebrand of the BlackLock RaaS group after being promoted by the $$$ threat actor who leads the latter has already compromised 17 organizations across various industries in the U.S., Brazil, Europe, and Australia since June, The Hacker News reports.
Analysis of GLOBAL GROUP's RaaS platform by EclecticIQ researchers revealed the presence of an artificial intelligence chatbot-based ransom negotiation panel aimed at improving engagements with non-English-speaking affiliates, in addition to an affiliate panel enabling the creation of multi-platform payloads, victim management, and operation tracking. GLOBAL GROUP was also observed to have code similarities with the Mamona operation, also operated by $$$. "The creation of GLOBAL GROUP by BlackLock's administrator is a deliberate strategy to modernize operations, expand revenue streams, and stay competitive in the ransomware market," said EclecticIQ researcher Arda Buyukkaya. Such findings follow a CYFIRMA report detailing a 15% drop in ransomware victimization between May and June, which saw Qilin as the most prolific RaaS operation.
