Xing Locker team ransomgroup is on a roll! They recently hit Sharafi Group Investments

June 19, 2021

While performing our routine dark web scans, we once again stumbled upon the page of the Xing Locker group, which has recently joined the limelight among ransomware groups. Unfortunately for their victims, aside from getting their files encrypted, their data is also stolen.

Now they have struck a Middle Eastern investment company in the UAE: Sharafi Group Investments.


Xing Team Ransomgroup hit Sharafi Group Investments image1


The business mainly focuses on mortgage and investments, and its total revenue is said to be $122 M. The size of the stolen data is 140 GB. Delving deeper into the download page of XING Locker, it looks exactly like this:


Xing Team Ransomgroup hit Sharafi Group Investments image 2



Unlike other ransomware gang sites that provide download links over onion services, the Xing Locker group exposes the directory structure itself, still over the Tor network.


Usually, these types of online directories can be downloaded by using a Linux command:

wget -r -np -nH --cut-dirs=3 -R index.html http://domain/xxx/yyy/zzz/aaa

While this downloadable directory is not a one-click download, it does provide some ease of download to those who know their way around it.

Sharafi Group Investments appears to have had its data exposed due to non-payment of the ransom. The types of files exfiltrated and found by our team are log files and the actual files that mention sensitive matters such as payroll, contacts, deals, and other sensitive documents important for a business. Here is a glimpse of sensitive data involving the pay raise of an employee:


Xing Team Ransomgroup hit Sharafi Group Investments image 3



Xing Team Ransomgroup hit Sharafi Group Investments image 4



By the looks of it, the real estate industry is susceptible to ransomware attacks, having been successfully owned by a recently established ransom group. That speaks volumes. Corporations and businesses must consider beefing up their security because nobody is exempt from becoming a cyberattack victim. Misconfigurations and exploits are a sure way to get a system attacked by different sorts of malicious programs. The financial industry should have learned its lesson by now, as 2020 was not a good year for financial institutions when the pandemic started. This could be a reason why other sectors are directly targeted by ransomware gangs: the non-financial industries never saw it coming.

Fortunately, cybersecurity companies such as iZOOlogic provide Vulnerability Assessment services that scan live websites to proactively detect vulnerabilities and potentially vulnerable or malicious scripts that a threat actor could use as leverage for attacks. We can tell that the new large-scale phishing attack is an exfiltration and ransom encryption attack.

