The group has asked for ransoms up to 1.5 million dollars. The ransom amount likely changes based on the sensitivity of the information that the group can find on a victim’s network that can be used for blackmail. By carefully reviewing the companies’ documents before beginning their ransomware attack, the group has been able to keep their ransom demands high resulting in them making a lot of money. The group does not show signs of slowing down. RDP has continued to be a common attack vector for threat groups since so many people are working from home and many remote access solutions have been a security problem for companies that do not have it configured correctly. Employees should be aware of phishing emails attempting to steal their credentials. In this case, the group relies on legitimate credentials to log in to RDP so that the attack can go undetected. Implementing a strong VPN solution, keeping servers updated with security patches, and requiring Multi-Factor Authentication (MFA) for all remote logins are all important steps to keep attackers from exploiting remote access, even if they obtain a user’s password. Proper monitoring should be in place to identify attacks quickly. This includes monitoring such as Binary Defense’s Managed Detection and Response that looks for attacks being carried out through behavior-based detection and works to stop them through 24/7 Security Operations and response.

https://www.zdnet.com/article/this-ransomware-gang-hunts-for-evidence-of-crime-to-pressure-victims-into-paying-a-ransom/