Global RA World Ransomware Gang Hits Germany

By Bogdan Pătru . 3 May 2024

Tech Writer

Fact-Checked this

RA World ransomware gang targets 5 victims in Germany. The hackers have published the data and profile of 2 of them, but the other 3 are still unknown. That suggests that the negotiations are still ongoing or that the victims haven’t contacted the hackers yet.

All victims got 5 days at their disposal to contact the hackers for negotiations
Two of the victims either surpassed their time limit or refused to negotiate, causing the hackers to expose their data publicly
RA World was previously known as RA group and it became public in July 2022
The gang uses the double-extortion tactic and exploits weak credentials to infiltrate their victims

Ransomware attacks have been on a growing trend since the beginning of 2023. Most attacks are conducted by veteran gangs, but many are also linked to newly-formed groups. RA World is fairly well-established in the ransomware sphere.

While the organization doesn’t appear to be highly active, the hackers are good at what they do. In many cases, victims didn’t realize the breach until the ransomware note hit them. RA World also uses encryption to deny the victims access to their systems.

X showing the RA World attack on the 5 victims — https://twitter.com/FalconFeedsio/status/1785942300377350300

The double-extortion strategy is fairly common in the ransomware sphere. The tactic involves using a powerful encryptor to scramble the victim’s data and make it unreadable. The victim cannot recover it without the decryption key.

This is only obtainable during negotiations if the victim decides to negotiate, which most don’t. When it comes to the stolen data, nothing is certain. The hackers claim that they will delete it if the ransom is paid, but records speak against that.

As evidence shows, most ransomware gangs save the data for themselves for later use. Many others share or sell it to other ransomware gangs or simply leak it on the Dark Web for other advantages.

How Dangerous is RA World?

According to some reports, RA World is quite the capable organization, using advanced tactics and tools to speed up infiltration, avoid detection, and boost data exfiltration. This already paints it as a resourceful and dangerous group.

The hackers are also resilient and adaptable, allowing them to tackle potential threats effectively. This is especially valuable in today’s climate when the FBI, along with their European counterparts, have started to crack down on ransomware gangs.

Today’s attack is proof that ransomware gangs in general have become more capable and confident. While RA World is known as a ruthless group, they rarely target multiple victims at once. Especially high-value ones.

So, what should you do if and when targeted by a gang like RA World? The most important piece of advice you can get is this: do not negotiate and do not pay the ransom. Paying the ransom doesn’t guarantee anything other than you losing money.

The hackers may publish the stolen data anyway or share it with other malicious actors who will use it for their own purposes. This explains why those who choose to pay the ransom are often hit multiple times a year.

At least until they work on their cybersecurity or decide to no longer give in to the hackers’ pressure.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Global RA World Ransomware Gang Hits Germany

How Dangerous is RA World?

Our Mission

Bogdan Pătru

Leave a Comment Cancel