Groove Ransomware Calls On All Extortion Gangs To Attack US Interests


The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil’s infrastructure last week.

Over the weekend, BleepingComputer reported that the REvil ransomware operation shut down again after an unknown third party hijacked their dark web domains.

As part of this shutdown, a known REvil operator claimed that the unknown party was “looking” for them by modifying configuration files, so that the threat actor would be tricked into going to a site operated by the unknown entity.

REvil announcing they shut down again

Yesterday, Reuters reported that REvil’s takedown resulted from an international law enforcement operation that included support from the FBI.


Calls for attacks on US interests

Today, the Groove ransomware gang published a Russian blog post calling on all other ransomware operations to target US interests.

Post on Groove ransomware data leak site calling for attacks on the USA

The blog post also warns ransomware operations not to target Chinese companies, as the gangs would need to use the country as a safe haven if Russia takes a stronger stance on cybercrime operating within its borders.

The whole translated message, with some censoring of inappropriate words, can be read below.

“In our difficult and troubled time when the US government is trying to fight us, I call on all partner programs to stop competing, unite and start xxcking up the US public sector, show this old man who is the boss here who is the boss and will be on the Internet while our boys were dying on honeypots, the nets from rude aibi squeezed their own… but he was rewarded with higher and now he will go to jail for treason, so let’s help our state fight against such ghouls as cybersecurity firms that are sold to amers, like US government agencies, I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors – the Chinese! I BELIEVE THAT ALL ZONES IN THE USA WILL BE OPENED, ALL xxOES WILL COME OUT AND xxCK THIS xxCKING BIDEN IN ALL THE CRACKS, I myself will personally make efforts to do this” – Groove ransomware.

The call for attacks on US interests correlates with other information shared with BleepingComputer this week by a threat intelligence researcher for a Dutch bank.

In July 2021, a threat actor known as ‘Orange’ launched the RAMP hacking forum after shutting down and splitting from the original Babuk Ransomware operation.

As Orange still controlled Babuk’s Tor site, he used it to launch the hacking forum where he acted as an admin. Orange is also believed to be one of the representatives of the Groove ransomware operation.

Recently, Orange stepped down as the forum’s admin to pursue a new operation but did not provide any further information on what was being planned.


Threat actor resigning as admin to start a new operation

However, a later post indicates that the threat actor is likely starting a new ransomware operation as he began actively pursuing the purchase of network access to US hospitals and government agencies, as shown in the forum post below.

Threat actor purchasing access to US hospitals and government agencies

Today’s announcement from Groove ransomware correlates with Orange’s forum posts above, indicating that the targeting of all USA interests has been planned for some time, with the REvil law enforcement operation being the catalyst for Groove’s announcement.

It is unclear if ‘Orange’ will be performing these attacks on USA organizations under the Groove operation or launching a new ransomware operation.
