Palo Alto Networks’ Unit 42 threat intelligence team observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more widespread in the future.
AvosLocker Ransomware
AvosLocker is a ransomware-as-a-service (RaaS) operation that uses a blue beetle logo to identify itself in communications with victims and in “press releases” aimed at recruiting new affiliates.
Researchers observed AvosLocker promoting its RaaS program and looking for affiliates on dark web discussion forums and other forums.

“AvosLocker offers technical support to help victims recover after they’ve been attacked with encryption software that the group claims is ‘fail-proof,’ has low detection rates and is capable of handling large files,” says a research team from Palo Alto Networks.
The report says the ransomware impacted six organizations in the following countries: the US, the UK, the UAE, Belgium, Spain and Lebanon. Researchers observed initial ransom demands ranging from $50,000 to $75,000.
Hive Ransomware
Hive is double-extortion ransomware. It uses all the tools available in the extortion toolset to put pressure on the victim, including the date of initial compromise, a countdown, the date the leak was disclosed on its site, and the option to share the disclosed leak on social media.

The research says the ransomware has impacted 28 organizations including a European airline company and three U.S.-based organizations.
HelloKitty Ransomware Group
This ransomware group is mainly targeting Windows systems. Researchers observed a Linux variant of HelloKitty targeting VMware’s ESXi hypervisor, which is used in cloud and on-premises data centers.

“We also observed two clusters of activity. Across the observed samples, some threat actors preferred email communications, while others used TOR chats for communication with the victims,” says Palo Alto Networks.
It has impacted five organizations in Italy, Australia, Germany, the Netherlands and the U.S. The highest ransom demand observed from this group was $10 million.
LockBit 2.0 Ransomware
It is a RaaS operator that has been linked to some high-profile attacks. It claims to offer the fastest encryption on the ransomware market.

LockBit 2.0 has impacted 52 victims across multiple industries. Its victims include organizations in the U.S., Mexico, Belgium, Argentina, Malaysia, Australia, Brazil, Switzerland, Germany, Italy, Austria, Romania, and the U.K.
The researchers note that Palo Alto Networks Next-Generation Firewall customers are protected from these threats with Threat Prevention and WildFire security subscriptions. Customers are also protected with Cortex XDR and can use AutoFocus for tracking related entities.