DeathGrip
Intelligence Profile
DeathGrip is a Ransomware-as-a-Service (RaaS) operation that emerged around June 2024, offering malware payloads built with the leaked LockBit 3.0 and Yashma/Chaos builders. Designed to lower technical barriers, it enables even low-skilled operators to deploy highly capable ransomware attacks. DeathGrip campaigns typically employ AES-256 encryption, delete shadow copies and recovery features, and modify system settings to hinder restoration. Earlier infections carried low-tier ransom demands (e.g., around $100), reflecting entry-level targeting, though its flexible tooling allows a range of payload configurations.
Threat Analysis
DeathGrip is a ransomware operation that uses encryption-based extortion against organizations globally. The group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like DeathGrip prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.