Marco A. DeFelice has been looking into a number of new ransomware groups that have recently poked their heads out. PT_Moisha is one of the new names, but they tell Marco they are an old group:
Aoyuan Healthy Life Group, with operational offices also in Sydney in Australia and in Toronto and Vancouver in Canada, is one of the 8 businesses that are part of the Chinese China Aoyuan Group (Aoyuan) based in Guangzhou in the Guangdong District. Aoyuan was founded in 1996 and in October 2007 was listed on the main board of the Hong Kong Stock Exchange. We recall that Aoyuan has its registered office in the “tax haven” of the Cayman Islands.
PT_Moisha after contacting us through qTox provided us with a sample of 90 files, for a total of about 200 MB of exfiltrated documents. In the hands of the PT_Moisha group there would still be a total of 200 GB of documents stolen during their stay in the computer networks of the Aoyuan Healthy Life Group.
Read more at SuspectFile.