Groove x RAMP : The relation between Groove, Babuk, RAMP, and BlackMatter

Groove x RAMP : The relation between Groove, Babuk, Payload.bin, RAMP, and BlackMatter

Hotsauce | S2W TALON

The relation graph of Groove, Babuk, Payload.bin, RAMP, and BlackMatter

  • Groove mentioned several cryptocurrency wallet addresses (BTC, XMR and ETH). Those addresses are the same as the addresses RAMP mentioned on its leak site.
  • Groove used the same file server as BlackMatter and Babuk [2].
  • The operator of RAMP was linked to the operator of Babuk and Payload.bin [3].
Analyzed by Xarvis

Groove’s BTC, XMR and ETH == RAMP

  • BTC: 1EZhsp26j4ZfDfKyXpweUtGgrs3fnpPCEd
  • ETH: 0xF6a4906fA254ce0e9175E2C3418Dde999b99ed1F
  • XMR: 47GyLQAPw4Ee3WVTgCtSxwNcRinsEm3jdSX8FH4DLbjb5t79CJDxrK9gMNVJNDfCLEjhdJZyWCPBG5CkiTnGqMvnPgKTTV3
Comparison of cryptocurrency addresses between Groove and RAMP
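
The comparison above can be repeated on saved text from any two leak sites. The following is an added example, not code from S2W; the capture strings are constructed sample text that embeds the three addresses listed in this post, and the function names are hypothetical.

```python
import re

# Address formats for the three currencies listed in the post.
PATTERNS = {
    # Legacy Base58 (1... / 3...) or bech32 (bc1...) Bitcoin addresses.
    "BTC": re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"),
    # 20-byte hex account address; letter case only carries the EIP-55 checksum.
    "ETH": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    # Standard 95-character Monero address.
    "XMR": re.compile(r"\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b"),
}

# Addresses as printed in the post.
PAGE_BTC = "1EZhsp26j4ZfDfKyXpweUtGgrs3fnpPCEd"
PAGE_ETH = "0xF6a4906fA254ce0e9175E2C3418Dde999b99ed1F"
PAGE_XMR = ("47GyLQAPw4Ee3WVTgCtSxwNcRinsEm3jdSX8FH4DLbjb5t79CJDxrK9gMNVJ"
            "NDfCLEjhdJZyWCPBG5CkiTnGqMvnPgKTTV3")

# Constructed captures standing in for text saved from two leak sites.
CAPTURE_A = f"Wallets\nBTC: {PAGE_BTC}\nETH: {PAGE_ETH}\nXMR: {PAGE_XMR}\n"
CAPTURE_B = (f"btc:{PAGE_BTC} | eth:{PAGE_ETH.lower()} | xmr:{PAGE_XMR}\n"
             f"other: 0x{'ab' * 20}\n")  # constructed address seen on one site only


def extract_wallets(text):
    """Return {currency: set of addresses} found in a text capture."""
    found = {}
    for coin, pattern in PATTERNS.items():
        addrs = {m.group(0) for m in pattern.finditer(text)}
        if coin == "ETH":
            # Compare ETH case-insensitively; BTC and XMR Base58 is case-sensitive.
            addrs = {a.lower() for a in addrs}
        found[coin] = addrs
    return found


def shared_wallets(capture_a, capture_b):
    """Return addresses present in both captures, grouped by currency."""
    a, b = extract_wallets(capture_a), extract_wallets(capture_b)
    return {coin: sorted(a[coin] & b[coin]) for coin in PATTERNS if a[coin] & b[coin]}


if __name__ == "__main__":
    for coin, addrs in shared_wallets(CAPTURE_A, CAPTURE_B).items():
        print(coin, addrs)
```

The patterns match on format only and do not verify address checksums, so a hit should be confirmed against the original page before it is used as a link between two sites.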

Conclusion

  • In this post, we noted that Groove and RAMP use the same cryptocurrency wallet addresses, which were mentioned on their leak sites.
  • It is highly probable that the operators of RAMP, Groove and BlackMatter are the same person or the same group.
  • We need to keep monitoring their activities to track the cryptocurrency wallet addresses mentioned by these ransomware groups.

Related articles by S2W TALON

[1] Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the Netherlands | by S2W | S2W BLOG | Sep, 2021 | Medium

[2] BlackMatter x Babuk : Using the same web server for sharing leaked files | by S2W | S2W BLOG | Sep, 2021 | Medium

The leaked data uploaded to the same web server by BlackMatter and Babuk

[3] [SoW] W2 Aug | EN | Story of the week: Ransomware on the Darkweb | by S2W | S2W BLOG | Aug, 2021 | Medium

Ransomware threat actors 2020–2021 (Rebranded Ransomware)

Groove x RAMP : The relation between Groove, Babuk, RAMP, and BlackMatter was originally published in S2W BLOG on Medium.

Article Link: Groove x RAMP : The relation between Groove, Babuk, Payload.bin, RAMP, and BlackMatter | by S2W | S2W BLOG | Sep, 2021 | Medium