Asian software and services firm

In November 2024, an Asian software and services company fell victim to an RA World ransomware attack carried out with a sophisticated toolset associated with China-linked APT groups. The toolset included the PlugX malware, which is traditionally associated with espionage rather than financial gain. The attackers exploited a vulnerability in Palo Alto PAN-OS, compromised credentials, and extracted data from Amazon S3 before launching the ransomware. A ransom of $2 million was demanded, to be halved if paid within three days. The incident disrupted the company's operations and put sensitive data at risk, exposing the organization to potential financial and reputational damage. The use of tools usually linked to nation-state threat actors raises complex questions about the motive behind the attack: whether it was carried out by individuals for financial gain, or was a state-sponsored operation masking espionage under the guise of ransomware.

Source: https://securityaffairs.com/174189/apt/ra-world-ransomware-attack-china-apt-possible-link.html

"id": "mir000021525",
"linkid": "miraclesoft",
"type": "Ransomware",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"