KryBit retaliates against 0APT with extensive data leak

Newly identified ransomware-as-a-service operation KryBit has compromised fellow nascent RaaS gang 0APT and exposed its full operational information, including access logs, system files, and PHP source code, in retaliation for the latter's initial leak of some of its data earlier this month, reports Infosecurity Magazine.

Access logs revealed that 0APT had fabricated claims of breaching more than 190 victims published on its data leak site in January, according to a Halcyon report. 0APT has also been struggling to recover its AnLinux-ParrotOS-based leak site, which used an Android device's internal SD card to release content. Everest Group, which also had its hashed and encoded publication and user information exposed by 0APT, has yet to launch a counterattack. Such in-fighting is indicative of ongoing financial pressure in the ransomware landscape, noted Halcyon Chief Strategy Officer Oliver Newbury.

"We're now seeing them disrupt each other's operations, taking over infrastructure and undermining campaigns in real time. It creates instability, but not safety. The ecosystem doesn't shrink, it reshapes, often becoming harder to predict in the process," Newbury added.