One Percent Ransomware Group :

Who are the One Percent ransomware group :

A cyber-criminal group that self-identifies as the ‘One Percent Group’ and that has used Cobalt Strike to perpetrate ransomware attacks against US companies since November 2020, according to the FBI.

One Percent Group actors encrypt the data and exfiltrate it from the victims’ systems. As soon as the ransomware is launched, the group initiates calls to the affected users, spoofing their phone number, and threatens to release the data to the public if they don’t pay the ransom.

The agency linked One Percent Group to the notorious REvil (Sodinokibi) ransomware gang, whose data leak site they have used to leak and auction their victims’ stolen files.

The illustration below is a tree diagram showing their methodology and the tools used to compromise victims at each stage of the attack.

Note: These tools are used for both legitimate and malicious purposes and can be found on GitHub.

The flow chart contains :

  1. Approach
  2. Stage by stage description
  3. Tools used at each level

Flow diagram

Thanks for your time………… cheers !


