The newly emerged ransomware-as-a-service (RaaS) group RTM Locker runs a standard affiliate-based business model. However, Read The Manual (RTM) Locker holds its affiliates to strict rules: they must notify the operators before taking leave and maintain a minimum level of activity within a set period. Affiliates who break these rules are locked out or removed by the RaaS owners.
Based on reports, RTM Locker is a conventional RaaS that provides a web panel through which affiliates organise their operations. The panel also gives members details of the group's rules, approved targets, and suggested attack strategies.
The panel further lets affiliates register their victims, run the extortion, and track each campaign, including a countdown timer for releasing stolen data. Affiliates then receive ransomware payloads that elevate privileges, delete shadow copies, and stop antivirus and backup services before starting data encryption.
The locker can also change the wallpaper of the targeted device, delete event logs and Recycle Bin contents, and run a shell script that deletes the locker itself once it has finished.
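The pre-encryption steps described above (shadow copy deletion, stopping backup services, clearing event logs) are the point where a defender still has a chance to act, because they generate process-creation telemetry before any file is encrypted. The following is an added example, not code from the original article and not from the RTM Locker group: a small detector that scans process-creation events for these behaviours and flags a host on which two or more distinct categories occur. The sample events are constructed for illustration, and the command-line patterns (`vssadmin delete shadows`, `wmic shadowcopy delete`, `net stop` against backup-related services, `wevtutil cl`) are assumed typical ransomware precursors, not a claim about the exact commands RTM Locker's payload uses.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events (e.g. what Sysmon event ID 1 or
# Windows event 4688 would carry). Not real RTM Locker telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws01", "cmd": "wmic shadowcopy delete"},
    {"host": "ws01", "cmd": "net stop VeeamBackupSvc /y"},
    {"host": "ws01", "cmd": "wevtutil cl Security"},
    {"host": "ws02", "cmd": "net stop Spooler"},          # benign service stop
    {"host": "ws02", "cmd": "wevtutil qe Application /c:5"},  # query, not clear
]

# Detection rules: (category, regex). Patterns are assumed typical ransomware
# precursor commands, not taken from the page or from RTM Locker samples.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete)", re.I)),
    ("backup_service_stop",
     re.compile(r"\bnet(\.exe)?\s+stop\s+\S*(veeam|backup|acronis|sql)\S*", re.I)),
    ("event_log_clear",
     re.compile(r"\bwevtutil(\.exe)?\s+cl\s+\S+", re.I)),
]


def match_rules(cmd: str) -> list[str]:
    """Return the distinct rule categories a command line triggers, in rule order."""
    hits = []
    for category, pattern in RULES:
        if pattern.search(cmd) and category not in hits:
            hits.append(category)
    return hits


def summarize(events: list[dict]) -> dict[str, set[str]]:
    """Aggregate triggered categories per host."""
    per_host: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        for category in match_rules(ev["cmd"]):
            per_host[ev["host"]].add(category)
    return dict(per_host)


def hosts_to_alert(events: list[dict], threshold: int = 2) -> list[str]:
    """Hosts showing at least `threshold` distinct precursor categories.

    Requiring more than one category keeps a lone `net stop` or a single
    admin-run shadow copy cleanup from paging anyone.
    """
    return sorted(h for h, cats in summarize(events).items() if len(cats) >= threshold)


if __name__ == "__main__":
    for host, cats in summarize(SAMPLE_EVENTS).items():
        print(f"{host}: {sorted(cats)}")
    print("alert:", hosts_to_alert(SAMPLE_EVENTS))
```

Running this over the constructed events flags only `ws01`, where shadow copy deletion, a backup service stop and an event log clear all occur; `ws02` stays quiet because a print spooler stop and a log query are ordinary administration. In a real deployment the per-host aggregation should be bounded by a short time window, since the payload performs these steps in quick succession, and the alert should fire before encryption rather than be reviewed afterwards.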
The RTM Locker administrators also warned affiliates to stay away from critical government sectors and to avoid drawing the attention of law enforcement.
Based on reports, the group goes to some length to avoid the attention of the authorities, since that could disrupt its operations. Its leadership therefore told affiliates not to attack critical targets such as hospitals, COVID-19-related operations, and morgues.
The group also bars attacks on other categories of the healthcare sector, as well as on law enforcement agencies and other high-profile organisations.
If such an attack does happen anyway, the group requires the affiliate to remove all traces of the malware and to negotiate with the victim over separate infrastructure.
RTM Locker prioritises its own safety by steering clear of law enforcement agencies and government-backed cybersecurity authorities, and it enforces these strict rules to prolong the life of its operation.
Researchers warn organisations that RTM Locker's ability to delete itself after running can make threat analysis difficult, since the sample may no longer be on disk by the time an incident is investigated.