DeathGrip

Known to be a RaaS

Description

DeathGrip is a Ransomware-as-a-Service (RaaS) that emerged around June 2024, offering malware payloads built with leaked LockBit 3.0 and Yashma/Chaos builders. Designed to lower technical barriers, it enables even low-skilled operators to launch highly capable ransomware attacks. DeathGrip campaigns typically employ AES-256 encryption, delete shadow copies and recovery features, and modify system settings to hinder restoration. Earlier infections carried low-tier ransom demands (e.g., around $100), reflecting entry-level targeting, though its flexible tooling allows a range of payload configurations.

External Analysis
https://www.broadcom.com/support/security-center/protection-bulletin/deathgrip-emergence-of-a-new-ransomware-as-a-service
https://www.sentinelone.com/blog/deathgrip-raas-small-time-threat-actors-aim-high-with-lockbit-yashma-builders
https://www.enigmasoftware.com/deathgripransomware-removal/
https://www.pcrisk.com/removal-guides/30382-deathgrip-ransomware
Telegram
@PayloadDev