A newly discovered threat group called GOLD ULRICK continues to adapt and operate the Conti name-and-shame ransomware scheme and adjusted well to the massive data leak of Conti ransomware’s source code. Conti is still actively circulating in the wild based on recent findings despite experiencing enormous data leaks from security researchers.
The efforts of many researchers to leak the data of Conti have not even affected the ransomware group’s malicious acts since they are still attacking targets worldwide. The data leak released by the researchers has resulted in the public disclosure of their operational information and communication. However, the adversaries remain unfazed since they have other operators like GOLD ULRICK.
Instead of lessening, the number of Conti victims skyrocketed in March, resulting in the second-highest monthly tally since the beginning of the year.
GOLD ULRICK contributes to Conti’s malicious schemes.
The GOLD ULRICK group has recently added over ten victims in the first week of April. The malware developers have worked efficiently to upgrade their TTPs, such as intrusion methods, ransomware, and approach to counteract the public source code leak against them.
The discoveries regarding the group are corroborative evidence made by a security group, which indicates that the threat actors operated its acts as common attacks such as infecting networks, stealing data, encrypting data, and launching ransomware.
Furthermore, the recent leaks revealed details regarding GOLD ULRICK’s connection to Conti and Emotet. The basis of the assumptions is that the leaked information and its monitoring of Emotet found out that some of the group’s victims are included in a selection of Conti’s potential targets.
The Emotet operation is a different scheme from Conti; however, experts believe they depend on Emotet to identify their following targets.
The GOLD ULRICK group stayed operational despite the massive leak of communication operation and information about its root strain, Conti. This behaviour shows that these cybercriminal groups will be hard to stop.
All entities should also collaborate to device better protection against these ransomware criminals.