“TommyLeaks” and “SchoolBoys” ransomware gangs are the same, researchers say

Share post:

Security experts said two new extortion gangs called “TommyLeaks” and “SchoolBoys” are the same ransomware gang.

TommyLeaks ransomware gang was uncovered by security researcher MalwareHunterTeam in September, while SchoolBoys ransomware gang was uncovered in October by the same researcher.

On why the two ransomware gangs are believed to be the same, the two groups used the same Tor chat system for their negotiation sites. The same chat system was previously only used by the Karakurt extortion group.

Also, in a SchoolBoys negotiation chat shared with BleepingComputer, the threat actors greeted their victim as “TommyLeaks” in their attempts to coerce a ransom payment.

It remains unclear why they use two different names in their operation although the researchers believe they may be trying a similar approach used by Conti and Karakurt.

TommyLeaks claims to break into corporate networks, steal data and demand ransoms between $400,000 and $700,000. SchoolBoys claims to steal data and encrypt victims’ devices as part of their attacks. Investigation also showed that SchoolBoys ransomware encryptor was created using the leaked LockBit 3.0 builder.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways