FBI Alert: “OnePercent Group” Ransomware

Home / Articles / External / Government

Source: Shutterstock, https://www.shutterstock.com/image-illustration/antivirus-security-concept-ransomware-virus-alert-662707930
Source: Shutterstock, https://www.shutterstock.com/image-illustration/antivirus-security-concept-ransomware-virus-alert-662707930

September 15, 2021 | Originally published by FBI on August 23, 2021

The FBI has learned of a cyber-criminal group who self-identifies as the “OnePercent Group” and who have used Cobalt Strike to perpetuate ransomware attacks against U.S. companies since November 2020. OnePercent Group actors compromise victims through a phishing email in which an attachment is opened by the user. The attachment’s macros infect the system with the IcedID1 banking trojan. IcedID downloads additional software to include Cobalt Strike. Cobalt Strike moves laterally in the network, primarily with PowerShell remoting.

Focus Areas