{"id":49394,"date":"2022-11-21T16:26:20","date_gmt":"2022-11-21T16:26:20","guid":{"rendered":"http:\/\/40582065-30e6-477c-9845-9178eb389165"},"modified":"2022-11-21T16:26:20","modified_gmt":"2022-11-21T16:26:20","slug":"this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/","title":{"rendered":"This sneaky ransomware gang keeps changing tactics to spread its malware"},"content":{"rendered":"<figure class=\"c-shortcodeImage u-clearfix c-shortcodeImage-large\">\n<div class=\"c-shortcodeImage_imageContainer\">\n<div class=\"c-shortcodeImage_image\"><picture class=\"c-cmsImage c-cmsImage_loaded\"><source media=\"(max-width: 767px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/9da76ec9d5748a458e23dd40e623cfd1697c78a5\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=768\" alt=\"Hand typing on a keyboard.\"><source media=\"(max-width: 1023px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/559ac5b6e72e103e24e6ee70765a1c5b36e7c1b1\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1024\" alt=\"Hand typing on a keyboard.\"><source media=\"(max-width: 1440px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200\" alt=\"Hand typing on a keyboard.\"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200\" alt=\"Hand typing on a keyboard.\" width=\"1200\" height=\"897.3026973026973\" fetchpriority=\"low\"><\/picture><\/div>\n<p> <!----><\/div>\n<p> <!----><figcaption> <span class=\"c-shortcodeImage_credit g-outer-spacing-top-xsmall u-block\">Getty Images<\/span><\/figcaption><\/figure>\n<p>A new ransomware operation is using unusual techniques to breach networks and encrypt them with file-locking malware in order to hold victims to ransom.&nbsp;<\/p>\n<p>Royal <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web\/\" rel=\"follow\">ransomware<\/a> first appeared in September this year and is being distributed by multiple threat groups, but one is showing <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/17\/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">what Microsoft Security Threat Intelligence describes as<\/a> &#8220;a pattern of continuous innovation&#8221; to distribute and hide payloads, often until it&#8217;s too late and the victim has had their network encrypted.<\/p>\n<p>The attacks, delivered in a variety of ways, are attributed to a group Microsoft tracks as DEV\u20130569 \u2013 a temporary name as the origin and identity of the group behind the activity is still uncertain.&nbsp;<\/p>\n<p>Some of the campaigns deliver Royal ransomware using a method commonly associated with cyber attacks; <a href=\"https:\/\/www.zdnet.com\/article\/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more\/\" rel=\"follow\">phishing emails<\/a> used to deliver a malicious attachment, in this case, containing Batloader <a href=\"https:\/\/www.zdnet.com\/article\/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software\/\" rel=\"follow\">backdoor malware<\/a>, which is used to download the ransomware payload.&nbsp;<\/p>\n<p>This isn&#8217;t the only phishing method which the Royal ransomware attackers use to deliver the initial payload. Microsoft also notes that it&#8217;s delivered via emails with links to what pose as legitimate installers and updates for commonly used business applications. Downloading these fake updates installs the backdoor, which is later used to deliver malware.&nbsp;<\/p>\n<p><strong>Also: <\/strong><a href=\"https:\/\/www.zdnet.com\/article\/ransomware-why-its-still-a-big-threat-and-where-the-gangs-are-going-next\/\" rel=\"follow\"><strong>Ransomware: Why it&#8217;s still a big threat, and where the gangs are going next<\/strong><\/a><\/p>\n<p>More unusual techniques include using contact forms to gain access to targets and deliver malware. DEV-0569 isn&#8217;t the first ransomware operation to distribute attacks in this way, but the attack method is still an uncommon one \u2013 and one which defenders may not consider.&nbsp;<\/p>\n<p>The attackers send messages to the targets via the contact forms on the targets&#8217; own websites, claiming to be from a national financial authority. If the victim responds to the message, the attackers reply again and attempt to trick the victim into clicking a link which installs Batloader.&nbsp;<\/p>\n<p>Recently, the attackers have been seen leveraging Google ads to help deliver malware via malvertising links which allow attackers to track which users and which devices click links. These links are used to identify potential targets distribute the Batloader payload. &nbsp;<\/p>\n<p>Microsoft says it has reported this abuse to Google for awareness and consideration for action. ZDNET has contacted Google but is yet to receive a reply at the time of publication.&nbsp;<\/p>\n<p>In addition to malvertising and phishing links, it&#8217;s also reported that DEV-0569 has performed &#8216;hands-on&#8217; human operated attacks to install ransomware, gaining access to compromised networks exploiting vulnerabilities and remote access tools to manually download the Royal payload.&nbsp;<\/p>\n<p>Microsoft&#8217;s researchers note &#8220;DEV-0569&#8217;s widespread infection base and diverse payloads likely make the group an attractive access broker for ransomware operators&#8221; &#8211; meaning that even if they didn&#8217;t install their own ransomware, they could sell access to networks to other ransomware operators and other malicious cyber threat groups.&nbsp;<\/p>\n<p>The attackers have also been witnessed using open source tools in attempts to disable anti-virus software to make it harder for their malicious activity to be detected.&nbsp;<\/p>\n<p>According to Microsoft, it&#8217;s likely the group will continue to breach networks using a variety of different methods \u2013 but there are actions which can be taken to avoid falling victim to attacks.&nbsp;<\/p>\n<p>These include building resilience against email threats by educating users about identifying social engineering attacks and preventing malware infection \u2013 and providing users with a method for reporting suspected attacks.&nbsp;<\/p>\n<p>It&#8217;s also recommended that organizations practice the principle of least-privilege and maintain credential hygiene \u2013 in other words, only providing accounts with the access they absolutely need for that person to do their job, and to ensure that the account is secured with a strong password and multi-factor authentication. These can help prevent attackers from entering and moving around the network.&nbsp;<\/p>\n<p>Microsoft also suggests that organizations turn on tamper protection features to prevent attackers from stopping security services.&nbsp;<\/p>\n<p><strong>MORE ON CYBERSECURITY<\/strong><\/p>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers distributing Royal ransomware use sneaky techniques to trick the unwary into downloading file-encrypting malware.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-49394","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This sneaky ransomware gang keeps changing tactics to spread its malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This sneaky ransomware gang keeps changing tactics to spread its malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-21T16:26:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This sneaky ransomware gang keeps changing tactics to spread its malware\",\"datePublished\":\"2022-11-21T16:26:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/\"},\"wordCount\":673,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\\\/2022\\\/02\\\/16\\\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\\\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/\",\"name\":\"This sneaky ransomware gang keeps changing tactics to spread its malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\\\/2022\\\/02\\\/16\\\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\\\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200\",\"datePublished\":\"2022-11-21T16:26:20+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\\\/2022\\\/02\\\/16\\\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\\\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\\\/2022\\\/02\\\/16\\\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\\\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"This sneaky ransomware gang keeps changing tactics to spread its malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This sneaky ransomware gang keeps changing tactics to spread its malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/","og_locale":"en_US","og_type":"article","og_title":"This sneaky ransomware gang keeps changing tactics to spread its malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-21T16:26:20+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This sneaky ransomware gang keeps changing tactics to spread its malware","datePublished":"2022-11-21T16:26:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/"},"wordCount":673,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/","url":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/","name":"This sneaky ransomware gang keeps changing tactics to spread its malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200","datePublished":"2022-11-21T16:26:20+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/fbc2c61a2d404f84a851fa931c2b0c1618bf7210\/2022\/02\/16\/dcea0eae-86e4-40d6-92c7-1f25e2d9ee0d\/getty-hacker-hands-on-a-keyboard.jpg?auto=webp&amp;width=1200"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-sneaky-ransomware-gang-keeps-changing-tactics-to-spread-its-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"This sneaky ransomware gang keeps changing tactics to spread its malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49394"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49394\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}