The FBI recently released a flash warning about the activities of an organized cyber-criminal gang referred to as the OnePercent Group. In the alert, which was published on Monday, the FBI stated that the group has been targeting US companies since November 2020. OnePercent uses the threat emulation software Cobalt Strike to conduct ransomware attacks, which begin with malicious emails sent to victims’ inboxes. The group uses phishing tactics to persuade the user to open seemingly safe attachments that instead infect the system with the IcedID banking Trojan.
The malicious attachment appears as a zip file containing either a Microsoft Word or Excel document. The banking Trojan downloads software onto the victim’s computer, including Cobalt Strike, which has the ability to move laterally in the network with PowerShell remoting. OnePercent encrypts the device’s data and exfiltrates it from the network using a tool known as rclone. The threat group then leaves a ransom note that informs the victim that they have one week to pay the ransom demands.