Mario Ransomware (888ca612-5629-4303-bca7-d6990006f654)
Mario ransomware is operated by Ransom House, a group that emerged in 2021. Ransom House initially claimed that it targets vulnerable networks to steal data without encrypting files. However, the group has since adopted cryptographic lockers. The verbose ransom note is the most distinctive part of Mario's ESXi locker: the Ransom House actors give the victim very explicit instructions explaining what to do and how to contact them. [SentinelOne May 11 2023] [Trellix RansomHouse February 14 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Ransomhouse Group (61fe900f-d317-41fb-aed8-7f1052acfc5e) | Tidal Groups | Mario Ransomware (888ca612-5629-4303-bca7-d6990006f654) | Tidal Software | 1 |