Researchers with FortiGuard have linked DeathRansom malware to a number of info-stealing campaigns, all of which seem to be the work of a Russian-speaking resident of Italy who uses the moniker “scat01.”
DeathRansom began as a sort of dark joke, since the malware initially pretended to be file-encrypting ransomware, but never actually encrypted files. Instead, it merely demanded ransom payments from victims. However, scat01 has added a file-encryption mechanism to recent variants of the malware, making it as dangerous as other ransomware strains.
FortiGuard now believes that in addition to DeathRansom, scat01 is behind various infostealing malware, namely the Vidar stealer, Azorult stealer, Evrial stealer, 1ms0rryStealer and the Supreme miner.
Read more: DeathRansom Campaign Linked to Malware Cornucopia