
Rook

According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing or opening files by encrypting them. It renames files by appending the .Rook extension and creates a ransom note as a text file (HowToRestoreYourFiles.txt). For example, it renames 1.jpg to 1.jpg.Rook and 2.jpg to 2.jpg.Rook.

Victims: 9

First Discovered victim: 2021-12-07

Last Discovered victim: 2022-01-08

Avg Delay between attack and claim: N/A

Infostealer for victim with domain: N/A


Known Locations (1)
Favicon Title Type Available Last Visit FQDN
favicon We Are Rook!!! No 2025-06-01 21:18:35 gamol6n6p2p4c3ad7gxmx3ur7wwdwlywebo2azv3vv5qlmjmole2zbyd.onion

Target (Available)
Top 5 Activity Sectors
Top 5 Countries

Heatmap (Available)

Ransom Notes (1)

Tools Used (Not Available)

No tools used available.


Vulnerabilities Exploited (0)

No vulnerabilities exploited available.


TTPs Matrix (0)

No TTPs available.


Negotiation Chats (0)

No negotiation chats available.


YARA Rules (0)

No YARA rules available.


Indicators of Compromise (IoCs) (0)

No IoCs available for this group.


Victims (9)
Abdi ibrahim Rook
Discovery Date: 2022-01-08
N/A
Evalueserve Rook
Discovery Date: 2021-12-28
N/A
DENSO Rook
Discovery Date: 2021-12-28
N/A
Data breach summary Rook
Discovery Date: 2021-12-26
N/A
Rosendahl Design Group Rook
Discovery Date: 2021-12-14
N/A
Rossell Techsys Rook
Discovery Date: 2021-12-14
N/A
KMG Prestige, Inc. Rook
Discovery Date: 2021-12-07
N/A