RA World Ransomware Breaches Two

By Bogdan Pătru, Tech Writer. 4 April 2024

Fact-checked by Miklos Zoltan

The novel RA World ransomware group recently announced 2 German-based victims: KICO and Innomotive Systems. The hackers didn’t post many details about the operations, aside from a short summary of each victim and how much data they’ve stolen.

  • RA World went public in April 2023 and quickly gained a reputation as a dangerous ransomware actor
  • The group laid low for several months and started ramping up its activity more visibly toward the end of 2023
  • Little is known about the organization other than the fact that it uses the source code of the Babuk ransomware
  • The group uses the double extortion method to force the victims to pay the ransom

While ransomware attacks are usually unsuccessful, in the sense that the victims refuse to pay the ransom, they are a real threat to private and state companies. The hackers will use every trick in the book to gain access to the victim’s system and steal their data.

Once that is achieved, they will resort to intimidation and blackmail to coerce the victim into paying the ransom. Paying, experts warn, does nothing in most cases. While the hackers will provide the victim with the decryption key, they won’t do the same for the data.

The agreement is usually that the attackers will delete the data, but that hardly ever happens. Instead, they either keep it for later use, sell it, or even share it for free with other cybercriminal groups.

X post showing the RA World attack on the 2 victims: https://twitter.com/FalconFeedsio/status/1775387754907541716

This is why most cybersecurity experts recommend a no-negotiation policy. Don’t contact the hackers, don’t negotiate, don’t compromise. This, of course, means taking the hit that comes with the confidential data leaking publicly.

But that will happen anyway, whether you pay the ransom or not.

Who is RA World?

RA World is a newcomer in the ransomware sphere and was previously known as RA Group. The RA World hackers started operating in April 2023 and have gained a lot of popularity since. The organization has proved itself to be very resourceful and dangerous.

Unlike other ransomware groups, RA World started their cybercriminal activity in full force. They attacked high-value targets from the get-go and showcased an impressive amount of success, at least in terms of breaching the victims’ defenses.

The organization first targeted US- and Korea-based targets almost exclusively, prioritizing several industries during the first few months. These include manufacturing, wealth management, the financial sector, and the pharmaceutical industry.

Slowly but surely, they became active on a global scale, hitting targets across several countries, including Germany, India, and Taiwan. The true identity of the hackers is still unknown, as are their structure and funding.

As is the case with most novel ransomware actors that gain traction fast, the theory is that the organization is a cover-up for more resourceful powers. It’s not a new theory, as top cybercriminal groups often use new names as cover-ups to hide their activity.

That being said, this theory is unsupported, which means that the likeliest alternative is that RA World is a legitimate ransomware group, one that grows fast and poses an increased danger to private and public institutions alike.