Russian Threat Actor “farnetwork” Linked With 5 Ransomware Strains
In March 2023, the cybersecurity landscape witnessed a significant revelation as Group-IB’s Threat Intelligence team delved into the clandestine world of farnetwork, an elusive threat actor linked to five notorious ransomware strains.
Farnetwork, also known as farnetworkl, jingo, jsworm, razvrat, and piparkuka, emerged as a prominent player in the Ransomware-as-a-Service (RaaS) market, orchestrating complex operations and managing a private RaaS program based on the Nokoyawa ransomware strain.
How Group-IB Cracked the Case
The investigation began when Group-IB researchers attempted to infiltrate a private RaaS program using the Nokoyawa ransomware strain.
What ensued was a chain of revelations, shedding light on farnetwork’s extensive criminal career, dating back to 2019.
The threat actor’s involvement in various ransomware projects, including JSWORM, Karma, Nemty, and Nefilim, showcased their expertise in developing ransomware and managing RaaS programs.
How Farnetwork Operated Their RaaS Program
Farnetwork’s modus operandi was further dissected, revealing their intricate RaaS affiliate program.
Affiliates in this program were granted access to compromised corporate networks, removing the need for network compromise and streamlining the ransomware attacks.
Farnetwork’s revenue distribution model for successful attacks gave affiliates 65% of the ransom, while the botnet owner received 20%, and the ransomware owner took 15%.
However, farnetwork’s activities weren’t confined to just one strain of ransomware.
The threat actor’s involvement in the Nokoyawa ransomware project, a spinoff of Karma ransomware, exhibited their adaptability and innovation within the cybercriminal landscape.
Farnetwork’s interactions with other ransomware groups, such as Hive, hinted at a complex web of connections throughout the criminal underworld.
What Happened to Farnetwork and How to Protect Against Ransomware
Despite farnetwork’s announcement of retirement and the subsequent closure of their Nokoyawa Dedicated Leak Site (DLS) operations, Group-IB’s Threat Intelligence team remains vigilant.
The team anticipates farnetwork’s likely return under a new guise, continuing their malicious activities within the ever-evolving realm of cybercrime.
In light of these revelations, cybersecurity experts and enthusiasts are urged to stay proactive.
Implementing multi-factor authentication, enhancing endpoint security, conducting regular data backups, and prioritizing patch management are recommended to safeguard against ransomware threats.
Furthermore, raising awareness among employees about cybersecurity risks and avoiding ransom payments are essential steps in mitigating the impact of these attacks.
As the cybersecurity landscape evolves, Group-IB’s ongoing commitment to combating cybercrime ensures that organizations are informed, secure, and prepared to navigate the challenges posed by threat actors like farnetwork.
Source credit : cybersecuritynews.com