New Ransomware Group “Vanir Group”: Three Victims Immediately in Their Data Leak Site

Pietro Melillo : 10 July 2024 15:47

A new ransomware group, calling themselves “Vanir Group,” has recently made its debut in the cybercrime landscape. This group has quickly garnered attention for the aggressiveness and professionalism of their operations, hitting three victims in a short time and making their actions public through a data leak site.

On their website, the Vanir Group has left an intimidating message for their targets, addressed to the CEOs or domain administrators of the affected companies. Here is part of the message:

“Hello, You must be the domain administrator or CEO, in other words, our latest victim. You reading this message means that the internal infrastructure of your company has been compromised, all your backups are deleted or encrypted. We have also stolen the majority of all important data held by your company. Going forward, it would be in your interest to cooperate with us, to prevent further disgrace.”

The Victims and Ransom Demands

Supporta RHC acquistando il Corso CTI:

Supporta RHC attraverso:

• L'acquisto del fumetto sul Cybersecurity Awareness
• Seguendo RHC su WhatsApp
• Seguendo RHC su Telegram
• Scarica gratuitamente "Dark Mirror", il report sul ransomware di Dark Lab

The Vanir Group claims to have a deep understanding of the finances of the affected companies, suggesting that the ransom price has been carefully calculated. They threaten to sell or distribute the stolen data if their demands are not met:

“When you choose to disregard our kindness and report to law enforcement or data recovery experts to help you find a way to recover your lost data, you lose TIME and MONEY, and in the process, you also lose our patience.”

The Group’s Communications

The Vanir Group’s website also includes an interactive terminal where commands like “help” for a list of available commands, “news” for information about the group and their victims, and “victims” for a list of all their victims can be entered.

Collaboration and Affiliation

In the terminal, the Vanir Group also invites potential affiliates to contact them, suggesting that they are looking for collaborators to expand their operations:

“To join us, message BlackEyedBastard on Tox for your examination.”

Conclusion

The Vanir Group represents a new and dangerous threat in the world of cybercrime. With their precise and ruthless operations, they have already hit three companies, warning both potential victims and law enforcement. It is essential that companies strengthen their cybersecurity defenses and adopt preventive measures to avoid becoming the next victims of this ransomware group.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for Hacking and technology, currently CISO of WURTH Italia, he was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio, as a Ph.D, author of scientific papers and development of tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab"