One Percent Ransomware Group
Who are the One Percent ransomware group?
According to the FBI, a cyber-criminal group that self-identifies as the ‘One Percent Group’ has used Cobalt Strike to perpetrate ransomware attacks against US companies since November 2020.
One Percent Group actors encrypt the data and exfiltrate it from the victims’ systems. As soon as the ransomware is launched, the group initiates calls to affected users from spoofed phone numbers and threatens to release the data to the public if they don’t pay the ransom.
The agency did link One Percent Group to the notorious REvil (Sodinokibi) ransomware gang, whose data leak site they’ve used to leak and auction their victims’ stolen files.
The illustration below is a tree diagram showing their methodology and the tools used at each stage of the attack.
Note: These tools are used for both legitimate and malicious purposes and can be found on GitHub.
The flow chart contains:
- Stage by stage description
- Tools used at each level
Thanks for your time. Cheers!