History
2024: Liquidation of the group
In Russia, the SugarLocker ransomware group has been shut down, the information security company F.A.S.S.T. reported in February 2024.
According to the company, the cybercriminals operated under the guise of a legitimate firm called Shtazi-IT, which offers development of landing pages, mobile applications and online stores. Developers were recruited openly, through a Telegram channel.
In January 2024, law enforcement detained three members of the SugarLocker group. During the search, laptops, mobile phones, traces of correspondence and other digital evidence confirming their illegal activities were found in the suspects' possession. They were charged under Article 273 of the Criminal Code of the Russian Federation, "Creation, use and distribution of malicious computer programs."
During the investigation, several defendants were identified who were not only engaged in the promotion of their ransomware, but also developed malicious software to order, created phishing sites of online stores, and drove user traffic to fraudulent schemes popular in Russia and the CIS, F.A.S.S.T. said in a statement.
According to the company, the SugarLocker ransomware first appeared in early 2021. Since then, the hackers have sold or leased the malicious software to their partners (the so-called RaaS model), who used it to further hack networks and deploy the ransomware. The announcement said SugarLocker attacks targets over networks and RDP, the Remote Desktop Protocol. The terms of cooperation offered by the hackers were as follows: 70% of the revenue goes to the partner and 30% to SugarLocker. If the income exceeds $5 million, the profit is distributed on more favorable terms: 90% to 10%, respectively. At the same time, the group did not operate in the CIS countries.[1]