The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021.
NoEscape launched in June 2023 when it began targeting the enterprise in double-extortion attacks. As part of these attacks, the threat actors steal data and encrypt files on Windows, Linux, and VMware ESXi servers.
The threat actors then threaten to publicly release stolen data if a ransom is not paid. BleepingComputer is aware of NoEscape ransomware demands ranging between hundreds of thousands of dollars to over $10 million.
Like other ransomware gangs, NoEscape does not allow its members to target CIS (ex-Soviet Union) countries, with victims from those countries receiving free decryptors and information on how they were breached.
At this time, the ransomware gang has listed ten companies from different countries and industries on their data leak site, illustrating that they are not targeting a particular vertical.
