FIVEHANDS is a new ransomware variant discovered by CISA (the Cybersecurity and Infrastructure Security Agency) that has successfully attacked organizations. Threat actors use exploitation tools, the SombRAT RAT (Remote Access Trojan), and publicly available penetration testing tools to obfuscate files, steal information, and then demand a ransom from the victim. The threat actors also used publicly available tools for credential access and network discovery.
The group first deploys the FIVEHANDS ransomware and later extorts its victims through media attention and threats to sell the stolen data. The group targets organizations in Europe and North America. It has also displayed advanced capabilities for evading detection and minimizing post-intrusion forensics.