The United States Federal Bureau of Investigation (FBI) released a security advisory with details about the tactics, techniques, and procedures (TTPs) of the ransomware affiliate group “OnePercent Group.” This is the first advisory released by the FBI that focuses on an affiliate group of Ransomware as a Service (RaaS) platforms such as REvil.
RaaS platforms provide the underlying software tools, training, money laundering, and negotiation services that characterize a ransomware attack to so-called “affiliate” groups, which actively use these tools to target victims in return for a percentage of the profits. These affiliate groups, often euphemistically referred to as “pentesters” by RaaS organizations, are the actual criminals conducting unauthorized entry and operations on target organizations’ networks.
The FBI said that the OnePercent Group has been operating since at least November 2020. Although the FBI alert did not specify which RaaS the OnePercent Group used, Recorded Future reported that the group worked with RaaS providers REvil, Maze, and Egregor. The group received its epithet from its practice of threatening to leak 1% of a targeted organization’s data if the ransom was not immediately paid.