The RA World ransomware group, previously known as RA Group, has rapidly expanded its attacks globally, targeting healthcare in Latin America and industries in the US, South Korea, Germany, India, and Taiwan. Trend Micro reports the group’s sophisticated multistage cyberattacks manipulate group policy settings for maximum damage and evasion. Originating from leaked Babuk ransomware code, RA World uses double-extortion tactics and has evolved to deploy scripts that attempt to disable security measures like Trend Micro defenses and remove traces of the malware post-attack.