Ransomware Group

RA Group

Also known as: RA World

Status: active • First seen 2023-04 • 75+ known victims

RA Group used free ransomware code from Babuk to start their own criminal operation. They especially like attacking insurance companies and financial firms through their virtual machine servers.

Overview

RA Group is a ransomware operation that reuses Babuk source code. The group targets organizations through VMware vulnerabilities and focuses on financial and insurance sectors.

Target Industries

Manufacturing, Finance, Insurance, Pharmaceuticals

How They Attack

  • Babuk code reuse
  • VMware targeting
  • Double extortion
  • Data theft

Notable Victims

Insurance companies (2023), Pharmaceutical firms

How to Protect Against RA Group

  1. Patch VMware vulnerabilities immediately
  2. Monitor for Babuk-derived ransomware indicators
  3. Implement insurance sector security standards

MITRE ATT&CK Techniques

T1486, T1567, T1021, T1059

Related Groups

Babuk
