Decrypt LOL


KillSec Increases Ransomware and Data Breach Activities


Quick take - KillSec, a cyber threat actor that emerged in October 2023, has increased its ransomware and data breach activities, targeting various sectors including finance and healthcare, while offering services such as penetration testing, OSINT, and a Ransomware-as-a-Service program.

Fast Facts

  • KillSec, a cyber threat actor that emerged in October 2023 on Telegram, is known for ransomware attacks and data breaches, targeting organizations like Ping An and Yassir.
  • Operating mainly from Eastern Europe-Russia, KillSec offers services including unauthorized penetration testing, malicious OSINT, and a Ransomware-as-a-Service (RaaS) program for affiliates.
  • The RaaS program has a $250 entry fee and a 12% commission on successful ransoms, attracting a global pool of affiliates proficient in English or Russian.
  • Approximately 20% of KillSec’s attacks target the healthcare sector, with significant activity in the finance industry and a notable focus on organizations in India.
  • Despite claims of not targeting critical infrastructure, KillSec’s actions raise ethical concerns, and their communication patterns suggest intimidation tactics rather than advanced ransomware techniques.

KillSec: Emerging Cyber Threat Actor Intensifies Ransomware and Data Breach Activities

KillSec, a cyber threat actor, has gained notoriety for its involvement in ransomware attacks and data breaches. The group first emerged on the messaging platform Telegram in October 2023. Since then, KillSec has significantly ramped up its activities, being implicated in high-profile incidents involving organizations such as Ping An, a major financial services firm in China, and Yassir, a popular super app.

Services Offered by KillSec

Operating primarily out of the Eastern Europe-Russia region, KillSec specializes in offensive cyber operations, including network and web penetration as well as malware creation. The group offers three main services:

  1. Penetration Testing Service: Marketed for unauthorized access to systems, allowing clients to exploit vulnerabilities.

  2. OSINT (Open Source Intelligence): While typically used for legitimate purposes, this service has been repurposed for malicious intent, focusing on gathering private information from publicly available sources.

  3. Ransomware-as-a-Service (RaaS) Affiliate Program: This model enables individuals with limited technical skills to conduct ransomware operations for a share of the profits. The entry price for the RaaS program is $250, with a 12% commission on successful ransom payments. The program is designed to attract a global pool of affiliates, requiring proficiency in either English or Russian.

Targeted Sectors and Operational Methods

Despite the group's stated prohibition on attacking critical infrastructure, approximately 20% of KillSec’s alleged attacks have targeted the healthcare sector. The finance industry is also a notable focus, accounting for 18.2% of their attacks. By country, organizations in India are the primary targets, accounting for 29.55% of their attacks, followed by the USA at 9.09% and Bangladesh at 6.82%.

KillSec’s RaaS model is characterized by a user-friendly control panel accessible via the Tor network, designed to facilitate the customization of ransomware campaigns. Upcoming features may include a stresser tool for Distributed Denial of Service (DDoS) attacks, phone call functionalities, and an advanced information stealer for extracting sensitive data.

The group’s communication patterns indicate that their messaging activity peaks between 10 AM and 7 PM Moscow time, with the highest volume occurring between 6 PM and 7 PM. There is currently no evidence to suggest that KillSec operates as a state-affiliated entity, as their operational methods and communications do not align with government support.

Ethical Concerns and Operational Tactics

Despite their publicly stated policies against targeting critical infrastructure, the ethics of KillSec’s operations have been called into question due to discrepancies between these claims and the realities of their actions. Furthermore, their communications lack details regarding encryption, suggesting a focus on intimidation tactics rather than sophisticated ransomware techniques.

A table of potential Tactics, Techniques, and Procedures (TTPs) associated with KillSec’s activities has been compiled, highlighting the group’s operational methodology.
