After the recent law enforcement action that was taken against the REvil ransomware group, the Groove threat group has publicly made a statement calling fellow cybercrime groups to band together to target U.S. interests. Furthermore, the group advised their fellow Russian threat groups not to attack Chinese entities in case the Russian government begins working with the U.S. They believe they can turn to China to be kept safe. The back and forth from Russian cybercriminals in this manner against the Biden administration, who has been outspoken against these cyber threats, is considered just the beginning according to Galina Antova, Claroty’s co-founder.
Analyst Notes
In the coming weeks, these Russian threat groups may be working to target U.S. entities. The U.S. is very aware of these public threats as they are being monitored by the FBI, CISA, and NSA. Organizations need to be vigilant in their fight against ransomware even though government agencies are working to combat it. All cyberattacks should be reported to these entities so they can work with the organizations on the proper steps to take. Organizations should also be honest with customers when an attack happens and be clear on what, if any, information the threat groups have stolen. It is also important to have the proper security defenses in place. This could include a monitoring service, such as the Binary Defense Managed Detection and Response service, to identify attacks quickly and work to mitigate them before they spread.
