The group was discovered recently through Sysdig honeypots as it attempted to exploit a Laravel vulnerability.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Sysdig has discovered a Romania-based ransomware group, Rubycarp, that has been active for a decade. The group deploys a botnet using public exploits and brute force attacks, communicates via public and private IRC networks, and uses its botnet for financial gain. Rubycarp targets Laravel vulnerabilities and uses post-exploitation tools like phishing.

Sysdig digs up a ransomware gang in stealth for over a decade