Ransomexx

Parsing : Enabled

Description

RansomExx (also reported as Ransom X) is a ransomware family used in human-operated intrusions against multiple companies and public bodies starting in mid-2020. It is widely assessed to be the successor of, or the same family as, Defray777, and exists in both Windows and Linux builds; the Linux build has been used against VMware ESXi hosts.

External Analysis
https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware
https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware
https://www.infosecurity-magazine.com/news/aerospace-giant-embraer-hit
https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html
https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://gustavopalazolo.medium.com/ransomexx-an%C3%A1lise-do-ransomware-utilizado-no-ataque-ao-stj-918001ec8195
https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/
https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf
https://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/
https://www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/
https://www.ctir.gov.br/arquivos/alertas/2020/alerta_2020_03_ataques_de_ransomware.pdf
https://www.ic3.gov/Media/News/2021/211101.pdf
https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf
https://www.youtube.com/watch?v=qxPXxWMI2i4
https://blog.talosintelligence.com/2020/12/quarterly-ir-report-fall-2020-q4.html
https://github.com/Bleeping/Ransom.exx
https://id-ransomware.blogspot.com/2020/06/ransomexx-ransomware.html
https://medium.com/proferosec-osm/ransomexx-fixing-corrupted-ransom-8e379bcaf701
https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/
https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/3
https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/4
https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/5/
https://www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/
https://www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/
https://www.bleepingcomputer.com/news/security/ransomware-attack-hits-italys-lazio-region-affects-covid-19-site/
https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.trendmicro.com/en_us/research/21/a/expanding-range-and-improving-speed-a-ransomexx-approach.html
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-ransomexx

Urls

http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/
http://zubllg7o774lgc4rdxmfcfpjewfkqa7ml7gxwl5fetogc7hbkvaprhid.onion/
File servers
Chat servers
http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/

Posts

Date | Title | Description
2024-09-14 | Retemex | Retemex is a virtual mobile operator in Mexico, operating on the country's 4.5G LTE network. 24883 clients' data, even with PLAINTEXT PASSWORDS!
2024-08-10 | Brontoo Technology Solutions | OstaApp, developed by Brontoo Technology Solutions India Private Limited, is a digital payment platform designed to offer a secure, fast, and convenient way to make transactions without relying on traditional cards, wallets, or point-of-sale (POS) systems. The platform generates a unique, one-time-use digital number or QR code, which users can utilize for payments at registered merchants, partner ATMs, and more. Database with 146123 users leaked. Proof of PCI DSS compliance is not a guaranteed solution.
2024-08-03 | nursing.com | NURSING.com is an all-in-one online platform designed to help nursing students succeed in their studies and pass the NCLEX® exam with confidence. It provides a variety of resources, including video lessons, practice questions, cheat sheets, and custom study plans tailored to individual learning needs. The platform is particularly beneficial for visual learners, students with ADHD, dyslexia, and those who experience anxiety. Database dump, 568221 users.
2024-07-26 | Planet Group International | Planet Group International is a multinational corporation specializing in innovative technology solutions and consulting services. With a presence in numerous countries, the company focuses on digital transformation, IT infrastructure, software development, and data analytics. They cater to a diverse range of industries, providing tailored solutions to enhance operational efficiency and drive business growth. Planet Group International is known for its commitment to excellence, leveraging cutting-edge technologies to deliver high-quality services and support to its global clientele. Leaked data size: 4.9GB.
2024-07-26 | LITEON | LITEON Technology Corporation, based in Taiwan, is a leading company in the electronics industry known for its diverse range of products. Founded in 1975, LITEON specializes in the development and manufacturing of optoelectronics, storage devices, and other electronic components. Its products include LED lighting solutions, semiconductors, automotive electronics, and smart healthcare devices. LITEON is recognized for its innovation and commitment to sustainability, providing high-quality technology solutions to global customers while emphasizing environmental responsibility. Leaked data size: 142GB.
2024-07-12 | Wagner-Meinert | Wagner-Meinert is a company that specializes in industrial refrigeration, food process systems, and mechanical contracting. They provide services such as design, installation, maintenance, and compliance support for industrial and commercial refrigeration systems. Their expertise often spans areas including ammonia refrigeration systems, food processing equipment, HVAC systems, and related industrial solutions. Leaked data size: 685.3GB.
2024-07-01 | TUV Rheinland AG | Post will be available soon… Leaked data size: 650GB.
2024-04-17 | Asteco | Asteco is a real estate services firm based in the United Arab Emirates (UAE), with its headquarters in Dubai. It offers a wide range of real estate services including property management, valuation, research, investment consultancy, and sales and leasing brokerage. Asteco has been a prominent player in the UAE's real estate market for several years, providing services to both individual clients and corporate entities. Leaked data size: 11.4GB.
2024-03-26 | Badan Urusan Logistik | BULOG, or Badan Urusan Logistik, is the state-owned logistics agency of Indonesia. Leaked data size: 12.77GB.
2024-03-26 | Jacobs Farm / Del Cabo | Jacobs Farm / Del Cabo is an organic farming company known for its commitment to sustainable agriculture and ethical business practices. Leaked data size: 399GB.
2024-03-26 | DVision Architecture | Dvision Architecture is a global architecture and design firm known for its innovative approach to architectural projects. Leaked data size: 110GB.
2024-03-26 | Telecommunications Services of Trinidad and Tobago | Telecommunications Services of Trinidad and Tobago (TSTT) is the primary telecommunications provider in the twin-island nation of Trinidad and Tobago. Leaked data size: 6GB.
2024-03-26 | Ministry of Defense of Peru | The Peruvian Ministry of Defense (Ministerio de Defensa del Perú) is the government agency responsible for overseeing the defense and security affairs of Peru. Leaked data size: 763.8GB.
2023-12-30 | Kenya Airways | Kenya Airways Ltd., more commonly known as Kenya Airways, is the flag carrier airline of Kenya. The company was founded in 1977, after the dissolution of East African Airways. Its head office is located in Embakasi, Nairobi, with its hub at Jomo Kenyatta International Airport. Accidents, IDs, cases, passports, staff deaths, etc.
2023-11-26 | AlJaber Engineering | AlJaber Engineering (JEC) is a leading general contractor based in the State of Qatar.
2023-11-16 | Admilla ELAP | Elap (formerly Admilia) offers its expertise and support throughout the implementation of your budget and accounting solution. Huge clients, financial documents, contracts, personal data and a lot of confidential things belonging to their customers. If you want to be one someday, your data will be here.
2023-10-27 | Telecommunications Services of Trinidad and Tobago (tstt.co.tt) | tstt.co.tt and bmobile.co.tt. 4293368 customers' lines, ID scans, GitLab projects, DB dumps.
2023-07-01 | DVA - DVision Architecture | From the digitalisation of the design to the production of construction prototypes: DVA's activity ranges from the concept of a project to the logistical organisation of the construction site. An approach built on the combination of digitalisation and sustainability, the guiding principle behind all of the company's choices and traceable in every commission it takes on.
2023-06-24 | Jacobs Farm | Jacobs Farm was founded in 1980 as a small organic family farm dedicated to growing fresh, high quality, delicious food without damaging the environment.
2023-03-02 | Bettuzzi And Partners | The firm BETTUZZI & PARTNERS - Dottori Commercialisti (chartered accountants) was founded in 2005 by Dr. Alvaro Bettuzzi, after he had gained significant experience practising as a chartered accountant. In addition to the founder's contribution, the firm draws on the collaboration of other chartered accountants, expert professionals in other disciplines, university lecturers and specialists in various areas of consulting, above all legal and tax matters, both nationally and internationally.
2023-02-22 | BULOG | BULOG is a state-owned public company operating in the field of food logistics.
2022-12-11 | REC Silicon | REC Silicon is a global leader in silane-based, high-purity silicon materials.
2022-10-18 | Unimed Belem | Unimed is the largest cooperative organisation in healthcare in the world and also the largest medical care network in Brazil, present in 83% of the national territory. The System was born with the founding of Unimed Santos (SP) by Dr. Edmundo Castilho in 1967, and today comprises 368 medical cooperatives serving more than 19 million clients and 73 thousand companies across the country. Unimed clients have access to more than 110 thousand doctors and 3,244 accredited hospitals, as well as emergency care units, laboratories, ambulances and owned and accredited hospitals, to guarantee the quality of the medical, hospital and complementary diagnostic care offered.
2022-10-11 | Consorci Sanitari Integral & Geseme | The Consorci Sanitari Integral (CSI) is a public health and social services body created in 2000 by taking over the former Red Cross hospitals in the province of Barcelona. The CSI is currently owned jointly by the Servei Català de la Salut, the Institut Català de la Salut, the City Council of L'Hospitalet de Llobregat, the City Council of Sant Joan Despí, the Consell Comarcal del Baix Llobregat and the Red Cross. In 2016 Carles Constante i Beitia was appointed its director general.
2022-10-03 | Ferrari | Some internal documents, datasheets, repair manuals, etc.
2022-10-01 | Bombardier Recreational Products (BRP) - SOURCE CODES | Here is some code from BRP's repos: atgk.brp.ApprenticeShopAPI, atgk.brp.ApprenticeShopMobileAppBackend, atgk.brp.Tools.RemoteConnectionManager, BRP - Usine 9 - Tracking, BRP-PP-ALM, EPC, RIM, SAP-BenchStatusMobileApp.
2022-09-03 | Fundo Nacional de Desenvolvimento da Educação | The National Fund for Educational Development (FNDE) is a federal agency under the Ministry of Education, responsible for implementing programs nationwide, including the National School Nutrition Program – PNAE, which serves 47 million students throughout the country, offering adequate and safe food in schools. Since its establishment, the FNDE has undergone several changes, which became more intense when the Brazilian government laid the groundwork for the formation of a substantive conception of education that pervades all levels of education and procedures. Thus, the agency was strengthened, especially with regard to the ongoing management of activities, projects and educational programs as a strategy to support the promotion of educational quality. Nowadays, besides the National School Nutrition Program - PNAE, the FNDE is responsible for implementing the Programs of School Transportation, National Textbook, School Direct Money, Brazil Literate, Pro-Youth, Joint Action Plan, Pro-Child, Decentralization and the Open University Credits.
2022-08-24 | Bombardier Recreational Products (BRP) - BONUS CONTENT (!!!) | In addition to the previous leak: employees' credentials (if you need a Netflix, battle.net, PayPal or Pornhub account, feel free to use them); employees' personal photos/videos; confidential BRP documents from several employees' desktops/laptops. Why is it posted separately? They forced us to increase the damage of the attack due to their "negotiations team".
2022-08-23 | Bombardier Recreational Products (BRP) | BRP Inc. is the holding company for Bombardier Recreational Products Inc., operating as BRP, a Canadian manufacturer of snowmobiles, all-terrain vehicles, side by sides, motorcycles, and personal watercraft. It was founded in 2003, when the Recreational Products Division of Bombardier Inc. was spun off and sold to a group of investors consisting of Bain Capital, the Bombardier-Beaudoin family and the Caisse de dépôt et placement du Québec. Bombardier Inc. was founded in 1942 as L'Auto-Neige Bombardier Limitée (Bombardier Snowmobile Limited) by Joseph-Armand Bombardier at Valcourt in the Eastern Townships, Quebec. As of October 6, 2009, BRP had about 5,500 employees; its revenues in 2007 were above US$2.5 billion. BRP has manufacturing facilities in five countries: Canada, the United States (Wisconsin, Illinois, North Carolina, Arkansas, Michigan and Minnesota), Mexico, Finland, and Austria. The company's products are sold in more than 100 countries, some of which have their own direct-sales network. BRP's products include the Ski-Doo and Lynx snowmobiles, Can-Am ATVs and Can-Am motorcycles, Sea-Doo personal watercraft, and Rotax engines. The Ski-Doo was ranked 17th place on CBC Television's The Greatest Canadian Invention in 2007. Confidential agreements, NDAs, personal data, passports, etc.
2022-08-18 | Corporación Nacional de Telecomunicación
2022-08-18 | Liberty Group & ForHousing | ForHousing, formerly City West Housing Trust (CWHT), is a housing association in the City of Salford district. ForHousing is part of the Forviva Group, with its head office in Eccles, Greater Manchester. Its homes were previously owned by Salford City Council until 2008, when they were stock-transferred to the new entity. ForHousing owns and maintains over 14,600 homes. Colette McKune is the Group Chief Executive and Andy Zuntz is the chairman.
2022-08-18 | Hellmann Worldwide Logistics | Hellmann Worldwide Logistics is one of the largest international logistics providers.
2022-08-18 | Scottish Association for Mental Health | SAMH is the leading mental health organisation in the voluntary sector in Scotland. It seeks to provide people with the strength and confidence to have greater autonomy and control in their lives to facilitate change and recovery. SAMH operates over 60 services in communities across Scotland. Services are person centred and based on an ethos of recovery. For details of local services get in touch on 0141 530 1000, available 9am to 5pm, Monday to Friday.
2022-04-05 | WT Microelectronics
2022-04-05 | Sonae | Food Retail Market Leader in Portugal
2022-03-29 | Stago | Diagnostica Stago, Inc. (DSI) is an industry leader in the science of hemostasis and thrombosis. Stago provides the total commitment of global resources and responsiveness, coupled with cutting edge technology and reliability. DSI is dedicated to continually developing and providing the very best hemostasis products, technical support, and services. Firmware source codes inside.
2022-03-20 | Scottish Association for Mental Health
2022-03-15 | Viva Air | Fast Colombia S.A.S., trading as Viva Air Colombia and formerly VivaColombia, is a Colombian low-cost airline based in Rionegro, Antioquia, Colombia. It is a subsidiary of Irelandia Aviation and the third largest airline in the country. It is not legally affiliated with Mexico's VivaAerobús, a fellow low-cost carrier co-founded by Irelandia which also uses the "Viva" brand. 26.5 million clients' names/DOBs/passport numbers/phones/emails and a lot of other things inside.
2022-02-15 | Samvardhana Motherson Peguform
2022-02-15 | POP TV | Pro Plus is a Slovenian multimedia company (d.o.o.) for television management, television productions, films of international studios, and sales of television advertising time. Pro Plus operates the commercial television programs Pop TV, Kanal A, Brio, Oto and Kino, the media web site 24ur.com, the specialized web sites Zadovoljna.si, Bibaleze.si, Cekin.si, Vizita.si, Frendi and Flirt, Moškisvet.com, Okusno.je and Dominvrt.si. Casting applicants' (21K+) personal data, CVs, videos, photos, crew personal data.
2022-01-28 | KCA Deutag | With over 130 years of experience, KCA Deutag is a leading drilling, engineering and technology company working onshore and offshore with a focus on safety, quality and operational performance. They operate approximately 110 drilling rigs in 20 countries. KCA Deutag's corporate headquarters are in Aberdeen, where the Land, Offshore and RDS divisions operate from. Bentec is headquartered at its manufacturing facility in Bad Bentheim, Germany. POSITIVE DRUG TESTS, COVID UNVACCINATED EMPLOYEES, CREDENTIALS and a lot of fun inside.
2021-12-15 | Ajuntament de Castelló
2021-12-15 | Hellmann Worldwide Logistics
2021-12-10 | UMW Group | The UMW Group is a leading industrial conglomerate and one of Malaysia's foremost public-listed companies.
2021-12-06 | Ruwac | Since 1985, Ruwac Industrial Vacuums has been manufacturing portable, central, silo and specialty industrial vacuum cleaner systems.
2021-11-16 | Unione dei Comuni Terre di Pianura | The Unione dei Comuni Terre di Pianura is a local authority established in January 2010. It grew out of the earlier inter-municipal association formed in 2000 under the name "Associazione Terre di Pianura".
2021-10-24 | Digicel Group | Digicel is a Caribbean mobile phone network and home entertainment provider operating in 33 markets worldwide. The company is owned by Irish businessman Denis O'Brien, is incorporated in Bermuda, and is headquartered in Jamaica.
2021-09-26 | Unione Reno Galliera | The Unione Reno Galliera is a union of municipalities formed by agreement between eight Italian municipalities in the Metropolitan City of Bologna. Their territory, bordered by the Reno river, extends north of the provincial capital towards Ferrara. Its members are Argelato, Bentivoglio, Castello d'Argile, Castel Maggiore, Galliera, Pieve di Cento, San Giorgio di Piano and San Pietro in Casale.
2021-09-20 | United Carton Industries Company Ltd | United Carton Industries Company (UCIC) has been in the corrugated business since 1990 with a current annual capacity of 420,000 tonnes. UCIC focuses on high quality corrugated solutions for customized packaging needs. Five state-of-the-art plants produce corrugated boxes, point of sale material, shelf ready and high graphic packaging. Strategically positioned in Jeddah and Riyadh, catering to the corrugated needs of FMCG, white goods, agricultural and packaging companies, which include the largest multi-national corporations and the best of domestic industry.
2021-09-09 | Ultrapar Participações S.A.
2021-09-09 | Vistra
2021-09-09 | Indura SA
2021-09-09 | Soluzioni Infrastrutturali Telefoniche ed Elettriche S.p.A.
2021-09-09 | CalAmp (NASDAQ: CAMP)
2021-09-09 | Pertamina EP
2021-09-09 | Consiglio Nazionale del Notariato
2021-09-09 | Ajuntament de Castelló
2021-09-09 | Nobiskrug
2021-09-09 | Samvardhana Motherson Peguform
2021-09-09 | Wallace & Carey
2021-09-09 | STEMCOR
2021-09-09 | Universal Assistance S.A.
2021-09-09 | WT Microelectronics
2021-09-09 | Walsin
2021-09-09 | Corporación Nacional de Telecomunicación
2021-09-09 | Liberty Group & ForHousing
2021-09-09 | Ermenegildo Zegna Holding | Discover the world of Ermenegildo Zegna Group, a family company guided by ethical entrepreneurship that leads the fashion sector in a sustainable way.
2021-09-09 | Gigabyte Technology | Gigabyte Technology is a Taiwanese manufacturer and distributor of computer hardware. Gigabyte's principal business is motherboards.
2021-09-09 | American Megatrends International | Founded in 1985 and known worldwide for AMIBIOS®, the mission of AMI is to power, manage and secure the world's connected digital infrastructure by providing best-in-class UEFI and remote management firmware, security solutions, development tools and utilities to top-tier manufacturers of desktop, server, mobile and embedded/IoT systems. Source codes are inside.