Skip to content

Latest commit

 

History

History
40 lines (30 loc) · 3.32 KB

File metadata and controls

40 lines (30 loc) · 3.32 KB

Adversary Overview 🪄 🕸️

Wizard Spider is a Russia-based e-crime group originally known for the Trickbot banking malware.1 In August 2018, Wizard Spider added capabilities to their Trickbot software enabling the deployment of the Ryuk ransomware.2 3 This resulted in "big game hunting" campaigns, focused on targeting large organizations for high-ransom return rates. 4  Notable Ryuk attacks include the Universal Healthcare System Hospitals, US Georgia and Florida state government administrative offices, and Chinese companies. 5 6

According to the FBI, in less than one year (2019-2020) Wizard Spider extorted $61 million USD from ransomware attacks. 7 8 Throughout the operations, the group used a multi-staged approach to manage ransomware campaigns.9 Prior to encrypting a victim's network, the group exfiltrates sensitive data and threatens to publicly disclose it if the victim refuses to pay the ransom.

Associated Names: UNC1878, TEMP.MixMaster, Grim Spider, Team9 

Group Overview Report References 🔗

ID Report Links
1 https://attack.mitre.org/groups/G0102/
2 https://www.trendmicro.com/en_us/research/19/b/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire.html
3 JISC Report
4 https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
5 https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/campaign/#:~:text=SandWorm%20is%20an%20APT%20group,aggressive%20and%20sometimes%20destructive%20cyberattacks.
6 https://www.upi.com/Top_News/US/2019/07/08/Ransom-hackers-hit-Georgia-courts-after-cities-pay-1M/4111562116580/
7 https://www.youtube.com/watch?v=LUxOcpIRxmg
8 https://www.cybersecuritydive.com/news/Ryuk-FBI-DHS-ransomware-healthcare/587961/
9 https://intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/

Connect with us 🗨️

We 💖 feedback! Let us know how using ATT&CK Evaluation results has helped you and what we can do better.

Email: evals@mitre-engenuity.org
Twitter: https://twitter.com/MITREengenuity
LinkedIn: https://www.linkedin.com/company/mitre-engenuity/