VERY IMPORTANT

The Underground ransomware, first observed in July 2023, targets Windows machines by encrypting files and demanding ransom. Attributed to the Russia-based RomCom group, it exploits CVE-2023-36884 and other common infection vectors. The ransomware deletes shadow copies, modifies RemoteDesktop settings, and stops MS SQL Server. It drops a ransom note and encrypts files without changing extensions. The group's data leak site lists 16 victims across various industries and locations. FortiGuard Labs provides protection against this threat through antivirus detection and other security solutions.