Bl00dy Ransomware Gang
Actor Type: Criminal Group
The Bl00dy Ransomware Gang emerged around May 2022 and employs double extortion tactics against targeted organizations. Rather than running a traditional data leak site, they use a Telegram channel to publish stolen data. Their encryptor is based on the leaked LockBit source code, and they have also been observed using encryptors built from the leaked source code of the Babuk and Conti ransomware strains.
They have been observed exploiting vulnerabilities in multiple products to gain access to target networks, including CVE-2023-27350 in PaperCut MF and NG, and CVE-2024-1709 and CVE-2024-1708 in ConnectWise ScreenConnect.
Bl00dy Ransomware Gang Threat Reports
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
This blog post gives a detailed analysis of two critical vulnerabilities (CVE-2024-1708 and CVE-2024-1709) affecting ConnectWise ScreenConnect ...
References
www.cisa.gov
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
www.bleepingcomputer.com
https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/
talion.net
https://talion.net/blog/that-bl00dy-new-ransomware-strain/
www.trendmicro.com
https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.