Read Time:1 Minute, 2 Second
What is Underground Team Ransomware?
Underground Team is a new ransomware variant that encrypts files on compromised machines and claims to have stolen sensitive data from victims. Although the ransomware encrypts files, file extensions of the affected files stay unchanged. It also deletes Volume Shadow Copies to prevent victims from being able to recover any files that had been encrypted.
Underground Team ransomware attacker has its TOR negotiation site, where victims can have discussions with the attacker about ransom details. The URL of the TOR site is included in the ransom note “!!readme!!!.txt” along with additional information about where the attacker claims to have exfiltrated the information and the type of information. The ransom note also states that the attacker will release the stolen data unless the ransom is paid within three days. The attacker also claims to be willing to help victims improve their network security.
Why is this Significant?
This is significant because Underground Team is a new ransomware strain that can have a significant impact on businesses by encrypting files on compromised machines and potentially stealing confidential data.
What FortiGuard Coverage is Available?
FortiGuard Labs has the following AV signature in place for the known Underground Team ransomware:
W32/FileCoder.75F6!tr.ransom
