Nevada Ransomware Operation

Threat Actor

(Feb'23): A relatively new ransomware operation known as Nevada seems to grow its capabilities quickly as security researchers noticed improved functionality for the locker targeting Windows and VMware ESXi systems.

Nevada ransomware started to be promoted on the RAMP darknet forums on December 10, 2022, inviting Russian and Chinese-speaking cybercriminals to join it for an 85% cut from paid ransoms. For those affiliates who bring in a lot of victims, Nevada say they will increase their revenue share to 90%.

RAMP has been previously reported as a space where Russian and Chinese hackers promote their cybercrime operations or to communicate with peers.

Incidents Associated with this Threat

Malware Used by this Threat Actor

No malware identified for this threat actor.