Ransomware Gangs Employ Skitnet Malware for Covert Data Theft and Remote Access

Ransomware operators are increasingly utilizing Skitnet malware for post-exploitation data theft and remote access, posing significant cybersecurity threats.

TL;DR

Ransomware operators are utilizing Skitnet malware for post-exploitation data theft and remote access. This malware has been available on underground forums since April 2024 and has seen increased usage by multiple ransomware groups since early 2025.

Several ransomware actors are leveraging a malware known as Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. According to the Swiss cybersecurity company PRODAFT, “Skitnet has been sold on underground forums like RAMP since April 2024.” However, since early 2025, there has been a notable increase in the number of ransomware operators utilizing this malware [1].

Key Features of Skitnet Malware

  • Data Theft: Skitnet is designed to exfiltrate sensitive data from compromised systems, allowing ransomware operators to gather valuable information.
  • Remote Access: The malware enables remote control over infected hosts, providing attackers with persistent access to compromised networks.
  • Stealth Operations: Skitnet operates covertly, making it difficult for security solutions to detect and mitigate its activities.

Underground Distribution

Skitnet malware has been available for purchase on underground forums such as RAMP since April 2024. This availability has contributed to its adoption by multiple ransomware groups, who use it to enhance their post-exploitation capabilities.

Implications for Cybersecurity

The increased use of Skitnet malware highlights the evolving tactics of ransomware operators. Organizations must remain vigilant and implement robust security measures to detect and mitigate such threats. Regular updates and patches, along with advanced threat detection systems, are crucial in defending against these sophisticated attacks.

For more details, visit the full article: The Hacker News

Conclusion

The rising use of Skitnet malware by ransomware groups underscores the need for enhanced cybersecurity measures. Organizations must stay informed about emerging threats and adopt proactive strategies to protect their data and systems from such advanced malware.

References

  1. (2025). “Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access”. The Hacker News. Retrieved 2025-05-19.

This post is licensed under CC BY 4.0 by the author.