Over 100 organizations worldwide, most of them small and medium-sized businesses, have been compromised each month in attacks using "BabyLockerKZ", an updated MedusaLocker ransomware variant deployed since 2022 by the threat actor "PaidMemes", who is suspected to be an initial access broker or a ransomware cartel affiliate, according to The Register.
While the initial attacks, which began in October 2022, mostly targeted Europe, PaidMemes ramped up activity against Central and South America during the second quarter of 2023 before intrusions eased during the first quarter of this year, a report from Cisco Talos revealed. Further analysis showed that BabyLockerKZ intrusions involved several attack tools, including the credential-dumping tool Mimikatz and a number of network scanners, but PaidMemes' initial attack vector remains uncertain. "All we have is the credentials that we saw dumped that were coming out of the tooling that they were using. They were running this tool on systems that they compromised, and that tool would gather credentials and dump it out to a remote server that was open," said Cisco Talos Head of Outreach Nick Biasini.