RA World is a ransomware group that emerged in April 2023, rebranding from its earlier identity as RA Group. Its primary motivation is financial gain through a multi-extortion scheme, which involves both encrypting victim data and exfiltrating sensitive information to leak on dark web sites if ransom demands are not met. What distinguishes RA World is its unique tactic of including a list of past victims who refused to pay in their ransom notes to pressure new targets, alongside an experimental "cost per customer" calculation. The group notably evolved its targeting, initially impacting healthcare organizations before shifting focus to the manufacturing sector by mid-2024. While no confirmed country of origin exists for RA World, some of its activities in late 2024 and early 2025 involved the use of tools previously associated with China-linked advanced persistent threat groups, suggesting a possible, though unverified, connection.

Paises afectados

URLs nuevas detectadas en IntelTracker