The cybersecurity researcher MalwareHunterTeam: Similarities in the leak and payment pages, and in operator behavior. Minerva: Malware maintains persistence via Windows Fax System.
The cybersecurity researcher MalwareHunterTeam explains that their ransomware belongs to the SFile family, most likely SFile2. They started appearing around the middle of last month.
The malware is downloaded and activated by one of the two files contained within the executable. Goal: to reduce the chance of being detected and stopped.
The cybersecurity expert MalwareHunterTeam: The group shut them down before encrypting files to prevent them from being locked and to avoid data corruption.