GOLD WISDOM

GOLD WISDOM is a group of financially-motivated cybercriminals that operate as an affiliate of GOLD SOUTHFIELD and distribute the REvil (aka Sodinokibi) ransomware. GOLD WISDOM were previously an affiliate of GOLD GARDEN's GandCrab operation but continued operating after that group's voluntary withdrawal from the market in May 2019. GOLD WISDOM heavily target managed service providers (MSPs) using stolen credentials to remote management and monitoring (RMM) platforms such as ScreenConnect. Access to these platforms is used to distribute REvil to the various organizations serviced by the MSP. The August 2019 attack against numerous State of Texas agencies via a compromised MSP was attributed by CTU researchers to GOLD WISDOM.