VERY IMPORTANT

We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems (NAS servers). We have now identified a new QNAPCrypt sample which is being used by the same threat actor group. The authors behind this new ransomware instance have revealed enough evidence for us to conclude the establishment of FullofDeep, a Russian cybercrime group operating from the Union State and the Ukraine. The group is mainly focused on ransomware campaigns.