NoEscape ransomware gang

Threat Actor

NoEscape is a ransomware-as-a-service operation that appeared in May 2023 and takes a double-extortion approach. That means instead of simply infecting victims' machines with malware, encrypting their files and demanding a ransom to release the data, the crooks first steal the files before locking them up. They threaten to leak the information, as well as withhold the decryption keys, if the victims don't pay the ransom.

NoEscape operators do not target organizations based in the former Soviet Union. This MO is similar to that of other ransomware groups, such as the now-defunct Conti and Black Basta, which also avoid infecting Russian companies and government agencies. According to Bleeping Computer, the gang is believed to be a rebrand of Avaddon – another ransomware crew, which shut down and released its decryption keys in 2021.

NoEscape hackers have taken credit for attacks on Germany’s bar association and Hawaiʻi Community College as well as Australian companies, a hospital in Belgium, a manufacturing company in the US and another manufacturing company in the Netherlands.

Malware Used by this Threat Actor

No malware identified for this threat actor.