Israeli cybersecurity firms Profero and Security Joe found tools used during the Ever101 attack. Ransomware is believed to be a variant of the Everbe or Paymen45 ransomware. Researchers believe some of the ransom payment went to an Ever101 operative in the USA, who then used the money to tip a masseuse. RubRatings is a website that allows “massage and body rub providers”” in the U.S. to advertise their services
Source: security