VERY IMPORTANT

The Underground ransomware gang is conducting global attacks against companies across various countries and industries. First identified in July 2023, the group resurfaced in May 2024 with a new Dedicated Leak Site. Their targets include multinational corporations from diverse sectors, with annual revenues ranging from $20 million to $650 million. The ransomware uses a combination of RNG, AES, and RSA encryption techniques, with each file encrypted using a different AES key. The malware is designed to leave insufficient traces for decryption in the local environment. It categorizes files based on size and employs a striping method for larger files. The ransomware also deletes shadow copies, restricts remote desktop connections, and stops interfering services before encryption.