RA World Ransomware Group Announced Three New Victims - #RAGroup
A new ransomware group called RA Group, later rebranded as RA World, has emerged as a significant threat, building its ransomware on leaked Babuk source code. Active since April 2023, the group targets organizations in the U.S., South Korea, Europe, and Southeast Asia and employs double extortion tactics: it exfiltrates sensitive data and threatens to publish it unless a ransom is paid. Its ransomware variants use intermittent encryption with the Curve25519 and HC-128 algorithms and append the .GAGUP or .RAWLD extension to encrypted files. RA World has shifted its focus from healthcare to manufacturing, likely because manufacturing targets have a higher ability to pay ransoms.