NoEscape was a RaaS operation active from May to December 2023, believed to be a rebrand of the defunct Avaddon ransomware. It targeted professional services, manufacturing, and healthcare with triple-extortion capabilities (encryption, data theft, and optional DDoS) before abruptly shutting down in an apparent exit scam.
This group has no curated TTPs.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
rule Linux_Ransomware_NoEscape_6de58e0c {
    meta:
        author = "Elastic Security"
        id = "6de58e0c-67f9-4344-9fe9-26bfc37e537e"
        fingerprint = "60a160abcbb6d93d9ee167663e419047f3297d549c534cbe66d035a0aa36d806"
        creation_date = "2023-07-27"
        last_modified = "2024-02-13"
        threat_name = "Linux.Ransomware.NoEscape"
        reference_sample = "46f1a4c77896f38a387f785b2af535f8c29d40a105b63a259d295cb14d36a561"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a1 = "HOW_TO_RECOVER_FILES.txt"
        $a2 = "large_file_size_mb"
        $a3 = "note_text"
    condition:
        all of them
}
```
Disclosed ransom conversations, for defensive study purposes. Contacts, links and wallets redacted.
--------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>>> H O W T O R E C O V E R F I L E S <<<<<<<<<<<<<<<<<<
--------------------------------------------------------------------------------
$$\ $$\ $$$$$$$$\
$$$\ $$ | $$ _____|
$$$$\ $$ | $$$$$$\ $$ | $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\
$$ $$\$$ |$$ __$$\ $$$$$\ $$ _____|$$ _____| \____$$\ $$ __$$\ $$ __$$\
$$ \$$$$ |$$ / $$ |$$ __| \$$$$$$\ $$ / $$$$$$$ |$$ / $$ |$$$$$$$$ |
$$ |\$$$ |$$ | $$ |$$ | \____$$\ $$ | $$ __$$ |$$ | $$ |$$ ____|
$$ | \$$ |\$$$$$$ |$$$$$$$$\ $$$$$$$ |\$$$$$$$\ \$$$$$$$ |$$$$$$$ |\$$$$$$$\
\__| \__| \______/ \________|\_______/ \_______| \_______|$$ ____/ \_______|
$$ |
$$ |
\__|
WHAT HAPPEND?
Your network has been hacked and infected by NoEscape .DHFGGEDADE
All your company documents, databases and other important files have been encrypted
Your confidential documents, personal data and sensitive info has been downloaded
WHAT'S NEXT?
You have to pay to get a our special recovery tool for all your files
And avoid publishing all the downloaded info for sale in darknet
WHAT IF I DON'T PAY?
All your files will remain encrypted forever
There is no other way to recover yours files, except for our special recovery tool
All the downloaded info will publishing for sale in darknet
Your colleagues, competitors, lawyers, media and whole world will see it
I WILL TO PAY. WHAT SHOULD I DO?
You need to contact us:
1. Download and install TOR browser [redacted]
2. Open link in TOR browser [redacted]
3. Enter your personal ID and follow the instructions
Your personal ID:
[snip]
-------------------------------------------------------------------------------------------------
WHAT GUARANTEES DO WE GIVE?
We are not a politically company and we are not interested in your private affairs
We are a commercial company, and we are only interested in money
We value our reputation and keep our promise
WHAT SHOULD I NOT DO?
! Don't try modify or recover encrypted files at yourself !
! Only we can restore your files, the rest lie to you !

TALENTUM is an EMPLOYMENT SERVICE company, with approval from the Ministry of Labor since March 2005. We have a Guarantee policy to ensure the payment of salaries, social ...
Gasmart is a gasoline group in the northwest of the country as well as the shoal. Gasmart services are mechanical review, routine maintenance, and payment wise strategy. Th...
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| TALENTUM Temporal SAS | CO | Business Services | — | 24 Nov 2023 |
| Gasmart Organization | MX | Energy | — | 23 Oct 2023 |
| Central University of Bayamón | PR | Education | — | 23 Oct 2023 |
| Gasmart | MX | Consumer Services | — | 17 Oct 2023 |
| El Colegio De San Luis | MX | Education | — | 3 Oct 2023 |
| EDUCAL, SA de CV | MX | Education | — | 14 Sep 2023 |
| Fiocruz | BR | Healthcare | — | 25 Aug 2023 |
| Protactics | CO | Business Services | — | 12 Jul 2023 |
The leak-site addresses (.onion) are known but are not published or linked. Only public metadata is shown.
The Central University of Bayamón is accredited by the Middle State Commission on Higher Education (MSCHE), Commission on Accrediting of the Association of Theological Scho...
Gasmart is a gasoline group offers mechanical review, routine maintenance, and payment wise strategy. The company's network was successfully encrypted and compromised. The gu...
Welcome to the page of El Colegio de San Luis, a Public Research Center that is part of the System of Public Research Centers of the National Council of Science and Technol...
EDUCAL was established on January 29, 1982 as a public limited company with variable capital, with the corporate purpose of designing teaching materials that supported the National Educational System. In 1987 he was assi...