• Login
  • Register
Nairametrics
  • Home
  • Exclusives
    • Financial Analysis
    • Corporate Stories
    • Interviews
    • Investigations
    • Metrics
    • Economy
    • Nairalytics
  • Markets
    • Currencies
    • Cryptos
    • Commodities
    • Equities
      • Company Results
      • Dividends
      • Stock Market
    • Fixed Income
    • Market Views
    • Securities
  • Sectors
    • Agriculture
    • Aviation
    • Company News
    • Consumer Goods
    • Corporate Updates
    • Corporate deals
    • Corporate Press Releases
    • Energy
    • Entertainment
    • Financial Services
    • Health
    • Hospitality & Travel
    • Manufacturing
    • Real Estate and Construction
    • Renewables & Sustainability
    • Tech News
  • Business News
    • Budget
    • Public Debt
    • Funds Management
    • Tax
  • Financial Literacy
    • Career tips
    • Personal Finance
  • Lifestyle
    • Billionaire Watch
    • Profiles
  • Opinions
    • Blurb
    • Op-Eds
    • Research Analysis
  • Recapitalization
    • Access Holdings Offer
    • Fidelity Bank Offer
    • GTCO Offer
    • Zenith Bank Offer
  • Home
  • Exclusives
    • Financial Analysis
    • Corporate Stories
    • Interviews
    • Investigations
    • Metrics
    • Economy
    • Nairalytics
  • Markets
    • Currencies
    • Cryptos
    • Commodities
    • Equities
      • Company Results
      • Dividends
      • Stock Market
    • Fixed Income
    • Market Views
    • Securities
  • Sectors
    • Agriculture
    • Aviation
    • Company News
    • Consumer Goods
    • Corporate Updates
    • Corporate deals
    • Corporate Press Releases
    • Energy
    • Entertainment
    • Financial Services
    • Health
    • Hospitality & Travel
    • Manufacturing
    • Real Estate and Construction
    • Renewables & Sustainability
    • Tech News
  • Business News
    • Budget
    • Public Debt
    • Funds Management
    • Tax
  • Financial Literacy
    • Career tips
    • Personal Finance
  • Lifestyle
    • Billionaire Watch
    • Profiles
  • Opinions
    • Blurb
    • Op-Eds
    • Research Analysis
  • Recapitalization
    • Access Holdings Offer
    • Fidelity Bank Offer
    • GTCO Offer
    • Zenith Bank Offer
Nairametrics
No Result
View All Result
Home Sectors

Sophos uncovers 4 ransomware groups using similar patterns to attack victims

Samson Akintaro by Samson Akintaro
August 14, 2023
in Sectors, Tech News
ransomware, Sophos

Ransomware red button on keyboard.

Share on FacebookShare on TwitterShare on Linkedin

The latest cybersecurity report from Sophos has revealed that prominent ransomware groups, which include Hive, Royal, and Black Basta have been sharing connections and using similar details to attack their victims.  

The cybersecurity company in the report titled “Clustering Attacker Behavior Reveals Hidden Patterns”, said it investigated four different ransomware attacks, one involving Hive, two by Royal, and one by Black Basta, and noticed distinct similarities between the attacks.

It noted that despite Royal being a notoriously closed-off group that does not openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities. 

RelatedStories

cybersecurity jobs

IT leaders globally raise security concern over AI cybersecurity tools usage – Report 

January 31, 2025
Nigeria set to develop Indigenous blockchain “Nigerium” to foster data sovereignty 

NITDA alerts Nigerians on cybersecurity risks linked to Spotify exploits 

November 26, 2024

Affiliate groups 

Commenting on the findings, principal researcher at Sophos, Andrew Brandt, said the company was tracking and monitoring the attacks as a “cluster of threat activity” that defenders can use to speed up detection and response times. 

  • “Because the ransomware-as-a-service model requires outside affiliates to carry out attacks, it’s not uncommon for there to be crossover in the tactics, techniques, and procedures (TTPs) between these different ransomware groups. However, in these cases, the similarities we’re talking about are at a very granular level.  
  • These highly specific, unique behaviors suggest that the Royal ransomware group is much more reliant on affiliates than previously thought. The new insights we’ve gained about Royal’s work with affiliates and possible ties to other groups speak to the value of Sophos’ in-depth, forensic investigations,” he said. 

According to him, the unique similarities include using the same specific usernames and passwords when the attackers took over systems on the targets, delivering the final payload in a .7z archive named after the victim organization, and executing commands on the infected systems with the same batch scripts and files. 

The report revealed that the first attack involved Hive ransomware in January 2023. This was followed by Royals’ attacks in February and March 2023 and, later, in March, Black Basta’s.  

Near the end of January this year, a large portion of Hive’s operation was disbanded following a sting operation by the FBI. This operation could have led Hive affiliates to seek new employment—perhaps with Royal and Black Basta—which would explain the similarities in the ensuing ransomware attacks. 

Implications for businesses 

Brandt noted that while threat activity clusters can be a stepping stone to attribution when researchers focus too much on the ‘who’ of an attack, then they can miss critical opportunities for strengthening defenses. He added that knowing highly specific attacker behavior helps managed detection and response teams react faster to active attacks. It also helps security providers create stronger protections for customers.  

  • “When protections are based on behaviors, it doesn’t matter who is attacking—Royal, Black Basta, or otherwise—potential victims will have the necessary security measures in place to block subsequent attacks that display some of the same distinct characteristics,” said Brandt. 

Follow us for Breaking News and Market Intelligence.
Tags: Andrew BrandtCybersecurityransomwareSophos
Samson Akintaro

Samson Akintaro

Samson Akintaro is a tech enthusiast and has over a decade experience covering and writing about the tech industry. He is currently the Tech Analyst at Nairametrics.

Related Posts

cybersecurity jobs
Sectors

IT leaders globally raise security concern over AI cybersecurity tools usage – Report 

January 31, 2025
Nigeria set to develop Indigenous blockchain “Nigerium” to foster data sovereignty 
Sectors

NITDA alerts Nigerians on cybersecurity risks linked to Spotify exploits 

November 26, 2024
Shortage of cybersecurity skills threatens Nigeria’s digital economy—Adewale Obadare 
Sectors

Shortage of cybersecurity skills threatens Nigeria’s digital economy—Adewale Obadare 

November 18, 2024
Vodafone signs 10-year deal with Google to bring AI and cloud cybersecurity to Africa 
Sectors

Vodafone signs 10-year deal with Google to bring AI and cloud cybersecurity to Africa 

October 8, 2024
Nigerian bank customers risk financial losses by exposing ATM card numbers—Zecharia Akinpelu
Sectors

Nigerian bank customers risk financial losses by exposing ATM card numbers—Zecharia Akinpelu

September 21, 2024
U.S. opens special cybersecurity office in Abuja to boost collaboration with EFCC
Business

U.S. opens special cybersecurity office in Abuja to boost collaboration with EFCC

July 26, 2024
Next Post
ai

New York Times bars tech companies from using its contents to train AI models

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Emple
nlng
first bank








DUNS

Recent News

  • AGF approves prosecution of Andy Uba, Benjamin Etu over alleged N400 million fraud 
  • EFCC arraigns Abel Sokari, Nkiruka Chukwuma and firm over alleged €49 million fraud attempt 
  • FIRS begins renegotiation of double taxation treaty with Netherlands amid tax reforms 

Follow us on social media:

Recent News

Federal High Court, REA

AGF approves prosecution of Andy Uba, Benjamin Etu over alleged N400 million fraud 

July 7, 2025
EFCC arraigns Abel Sokari, Nkiruka Chukwuma and firm over alleged €49 million fraud attempt 

EFCC arraigns Abel Sokari, Nkiruka Chukwuma and firm over alleged €49 million fraud attempt 

July 7, 2025
  • iOS App
  • Android App
  • Contact Us
  • Home
  • Markets
  • Sectors
  • Economy
  • Business News
  • Financial Literacy
  • Disclaimer
  • Ads Disclaimer
  • Copyright Infringement

© 2025 Nairametrics

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Social Media Auto Publish Powered By : XYZScripts.com
No Result
View All Result
  • Home
  • Exclusives
    • Financial Analysis
    • Corporate Stories
    • Interviews
    • Investigations
    • Metrics
    • Economy
    • Nairalytics
  • Markets
    • Currencies
    • Cryptos
    • Commodities
    • Equities
      • Company Results
      • Dividends
      • Stock Market
    • Fixed Income
    • Market Views
    • Securities
  • Sectors
    • Agriculture
    • Aviation
    • Company News
    • Consumer Goods
    • Corporate Updates
    • Corporate deals
    • Corporate Press Releases
    • Energy
    • Entertainment
    • Financial Services
    • Health
    • Hospitality & Travel
    • Manufacturing
    • Real Estate and Construction
    • Renewables & Sustainability
    • Tech News
  • Business News
    • Budget
    • Public Debt
    • Funds Management
    • Tax
  • Financial Literacy
    • Career tips
    • Personal Finance
  • Lifestyle
    • Billionaire Watch
    • Profiles
  • Opinions
    • Blurb
    • Op-Eds
    • Research Analysis
  • Recapitalization
    • Access Holdings Offer
    • Fidelity Bank Offer
    • GTCO Offer
    • Zenith Bank Offer
  • Login
  • Sign Up

© 2025 Nairametrics