Hellcat, a ransomware gang that emerged in 2024, is being seen as representative of a new type of threat actor that uses off-the-shelf malware and innovative extortion techniques.
According to cybersecurity company Cato Networks: “Hellcat’s emergence in 2024 marks a troubling shift in the landscape of cybercrime. By leveraging a ransomware-as-a-service (RaaS) model and utilizing double extortion tactics, Hellcat has not only increased the accessibility of ransomware but also heightened the psychological impact on its victims.”
In November, Hellcat infiltrated an internal project management system at French energy company Schneider Electric SE, compromising 400,000 rows of user data and exfiltrating over 40GB of sensitive information. Among the leaked data were 75,000 unique email addresses and full names of Schneider Electric employees and customers. Bizarrely, the Hellcat ransomware group demanded $125,000 USD in “baguettes”, in what is seen as an attempt to make the company appear ridiculous.
“Humiliation is a major psychological tactic”
Cato Networks chief security strategist, Etay Maor, said: “Humiliation is a major psychological tactic leveraged by Hellcat.”
In November, Hellcat targeted an unnamed US university with annual revenue exceeding $5.6 billion. The ransomware gang posted root access to the university’s server for sale on dark web forums for the “low cost” of $1,500 USD. Such access could compromise student records, financial systems, and critical operational data, potentially leading to severe reputational damage and legal consequences for the institution. At around the same time, the ransomware group advertised root access to the Iraq city government’s servers for $300 USD.
While the sums being charged for access to victim organizations may seem relatively low, this does little to negate the potential reputational and fiscal damage such cyber-attacks can wreak on organizations. The use of RaaS has significantly lowered the barrier to cybercrime, removing the need for ransomware gangs to invest in hackers with special skills or to develop bespoke malware in-house.
The wide availability of do-it-yourself ransomware kits means that even relatively inexperienced hackers are now targeting firewalls and critical infrastructure, using double extortion tactics aimed at humiliating the victim organization while simultaneously exerting public pressure.
“This gang’s focus on sectors such as government, education, and energy highlights the critical need for enhanced cybersecurity measures and vigilance to protect against this emerging ransomware gang. The ongoing battle against ransomware requires constant adaptation and awareness to outsmart these increasingly sophisticated cybercriminals,” warns Cato Networks.