CosmicBeetle Ransomware Group Targets Small Businesses in Europe and Asia

A new ransomware group, dubbed CosmicBeetle, is targeting small and medium-sized businesses across Europe and Asia, according to a report from cybersecurity firm ESET. Despite being active since 2020, CosmicBeetle is considered an "immature" threat actor, known for using unsophisticated but harmful malware.

The group’s latest ransomware, ScRansom, has been in development since March 2023, but its first major attacks began in August. ScRansom is prone to errors during encryption, leading to potential permanent data loss for victims. However, its decryptor works, encouraging some victims to pay the ransom.

CosmicBeetle often impersonates larger ransomware groups, such as LockBit, to convince victims to pay. It exploits older vulnerabilities and uses brute-force attacks to access systems, primarily targeting industries like healthcare, finance, education, and technology.

ESET cautioned that CosmicBeetle’s reliance on tools from more established ransomware gangs reflects its "immature" status. Nonetheless, the group has been linked to several impactful attacks, including an attempt to compromise a manufacturing company in India earlier this year.

Researchers believe CosmicBeetle is a new affiliate of the RansomHub ransomware gang but note that its true origins remain unclear. Although some indicators point to links with Turkey, ESET has not confirmed this attribution.

CosmicBeetle’s continued development of ScRansom poses a growing threat to small businesses, especially those with weak cybersecurity measures in place.