• This devious new ransomware encrypts itself to avoid your antivir

    From TechnologyDaily@1337:1/100 to All on Tue May 9 16:15:04 2023
    This devious new ransomware encrypts itself to avoid your antivirus

    Date:
    Tue, 09 May 2023 15:09:58 +0000

    Description:
    A dangerous new ransomware operator with some clever tricks is leaving antivirus tools frazzled.

    FULL STORY ======================================================================

    A new ransomware variant has been detected that is able to evade detection by encrypting itself.

    Cybersecurity researchers from risk and financial advisory solutions firm Kroll recently discovered a variant of the ransomware known as Cactus.

    Besides the usual operation - encrypting files and leaving behind a ransom note - the malware also has a unique way to avoid getting detected by antivirus programs and endpoint security solutions.

    Hard to spot

    As reported by BleepingComputer, the ransomware has three main modes of execution, one of which is encryption. Once the payload is deployed, the attackers provide the malware with a unique AES key only they know. This key is used to decrypt the ransomware's configuration file and the public RSA key they need to encrypt everything else on the target endpoint. The key comes as a HEX string hardcoded in the encryptor's binary.

    By decoding the HEX string, the attackers obtain encrypted data which they can read if they have the AES key.

    "CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools," Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told BleepingComputer.

    What also makes Cactus interesting is that it has multiple modes of encryption, including a quick mode. If the operators decide to run both modes one after the other, the files will be encrypted twice and will get two file extensions.

    Very little is known about the Cactus ransomware operation. We don't know if any businesses are currently being attacked, or are negotiating a payout. Although unconfirmed, some reports claim the group asks for millions when demanding payouts. We also don't know how successful the group was in the past.

    As usual, the best way to protect against ransomware is to patch both software and hardware regularly, have cybersecurity solutions set up, and train your workforce on the dangers of phishing and social engineering attacks.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-devious-new-ransomware-encrypts-itself-to-avoid-your-antivirus


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)