The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors.
LostTrust began attacking organizations in March 2023 but did not become widely known until September, when they began utilizing a data leak site.
Currently, the data leak site lists 53 victims worldwide, with some having their data leaked already for not paying a ransom.
It is unclear if the ransomware gang only targets Windows devices or if they utilize a Linux encryptor as well.
A rebrand of MetaEncryptor
MetaEncryptor is a ransomware operation that is believed to have launched in August 2022, amassing twelve victims on their data leak site through July 2023, after which no new victims were added to the site.
This month, a new data leak site for the 'LostTrust' gang was launched, with cybersecurity researcher Stefano Favarato quickly noticing it utilizes the same exact template and bio as MetaEncryptor's data leak site.
"We are a group of young people who identify themselves as specialists in the field of network security with at least 15 years of experience," reads a description on both the MetaEncryptor and LostTrust data leak sites.
"This blog and this work are ONLY commercial use, besides not the main one. We have nothing to do with politics, intelligence agencies and the NSB."
BleepingComputer also found that both the LostTrust [VirusTotal] and MetaEncryptor [ losttrust ransomware likely rebrand metaencryptor
