There are large numbers of ransomware groups operating around the world, some of which have been conducting their nefarious work for years. There are older which are rather less long in the tooth, such as the recently formed SatanLock.
The group has been in existence for mere months, popping up in April this year. Responsible for a spate of attacks over a number of weeks, the ransomware group has announced that it is already shutting up shop. More than this, it plans to leak any data it has stolen.
Noted for the speed and ferocity of its attacks, the SatanLock group has claimed dozens of victims in its short existence. The reasons for the closure are not known, but the news was shared on the group’s dark web site, as Hackread notes.
A short message posted by the group reads:
SatanLock project will be shut down
The files will all be leaked today.
SatanLock is known to have links to other ransomware groups – such as Babuk-Bjorka and GD Lockersec – although the exact nature of the relationships is not really clear. It is possible that SatanLock is a subsidiary of a larger operation, but a report from Check Point shows a strong crossover in the data stolen from victims by other groups:
SatanLock is a new operation with public activity since early April. It has published 67 victims but as with many other new actors, more than 65% of them have been previously reported by other actors.
Lockbit has produced a decryption tool for victims of SatanLock ransomware attacks. While this is good news in terms of making it possible to get data back, if the data is to be leaked to the public, there could be massive repercussions.
With SatanLock having targeted victims in the education, healthcare, telecommunications, and legal sectors, there could be a huge amount of incredibly sensitive data involved.
