The OnePercent Group: A Slightly Different Approach to Ransomware


A recent trend even amongst ransomware threats is that the FBI is issuing warnings regarding how dangerous it is or how difficult certain variants are. This particular threat—the OnePercent ransomware gang—is no exception. Let’s break down what you need to know about the OnePercent Group and how you can prepare to handle attacks not just from this threat, but most ransomware threats.

What is the OnePercent Group?

The OnePercent Group is a ransomware gang that has been targeting companies since November of 2020. The gang sends out emails in an attempt to convince users to download an infected Word document in a ZIP file. These types of social engineering tactics are surprisingly effective, as people often impulsively download files sent to them via email without thinking to check the sender or the source.

How Does the Threat Work?

Instead of encrypting data found on the infected device, this threat uses macros embedded in the Word document to install a Trojan horse threat on the user’s device. This threat, known as IcedID, is used to steal financial information or login credentials for banking institutions. Furthermore, IcedID can download other types of malware onto the user’s device.

Of particular note is that it can install another type of threat called Cobalt Strike, which is a penetration testing tool. Why would a hacker want this, you ask? It’s simple; it can be used to make a hacking attack that much easier and more efficient by identifying potential pathways for threats on the user’s device.

What’s the Timeline for the Attack?

Using the threats outlined above, OnePercent Group can get a lot of dirt on your business in a relatively short amount of time. After they have collected this information, they issue a ransom note demanding that the victim pay up within a week or risk their data being released online. If the victim refuses to pay up, the group pesters the victims through email and phone calls to pressure them into taking action. If the victim still refuses to pay, they release 1% of the data on the Dark Web. Further resistance leads to the group selling the data to other data brokers on the Dark Web to be sold to the highest bidder.

It just goes to show that as soon as you think you know a threat, they switch things up and try something new. While it can be stressful keeping up with the countless threats found in the online world, it sure is never boring.

Secure Your Business Today

Don’t let the fear of ransomware keep your business from functioning the way it’s supposed to. NuTech Services can help your organization secure its infrastructure and other critical data. To learn more, reach out to us at 810.230.9455.