Security researchers at Cyble recently identified that ransomware authors now have access to a brand new malicious tool – AXLocker – which encrypts a wide range of file types and renders them unusable.
Ransomware, one of the most profitable malware families for threat actors, has rapidly become one of the most significant threat types.
Three new ransomware families were uncovered: AXLocker, Octocrypt, and Alice Ransomware.
The attackers behind AXLocker steal the Discord tokens and accounts of infected users. After encrypting the files on the victim’s computer, the ransomware displays a ransom note with instructions on how to obtain the decryption tool, Cyble researchers said in their technical report.
Stolen Discord tokens can be used to perform the following actions:
NFT platforms and cryptocurrency groups have turned to Discord as a preferred community for communication.
An attacker could therefore clearly use a moderator’s Discord token, or the tokens of other verified community members, to carry out scams and steal funds.
The new AXLocker ransomware has been marked as one of the more sophisticated malware families because it steals its victims’ Discord tokens in addition to encrypting their files.
The threat actors using this tool, however, show no particular sophistication in their own operations.
Once executed, the ransomware hides its presence by modifying its file attributes and then begins encrypting files by calling a function named startencryption().
The startencryption() function enumerates the directories on the C:/ drive and locates the files within them.
It controls which files are encrypted by matching a list of targeted file extensions and skipping a list of excluded directories.
The ransomware then calls the ProcessFile function, which in turn executes the EncryptFile function with the fileName as its argument to encrypt the victim’s files.
AXLocker uses the AES algorithm to encrypt files. Notably, it appends no extension to the encrypted files, so they keep their original names.
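As an added defender-side example (not code from Cyble’s report or from the malware itself), the following Python scanner flags files that keep a plain-text extension such as .txt but whose content has near-maximal byte entropy, which is what AES output looks like and what an extension-based check would miss. The extension list, the 7.5-bit threshold and the sample directory it builds are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed list of extensions whose content is normally low-entropy plain text.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".ini", ".json", ".xml", ".html", ".md"}
HIGH_ENTROPY = 7.5  # bits per byte; AES ciphertext sits close to the 8.0 maximum

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample_size: int = 4096) -> bool:
    """True when a file whose extension promises plain text has a high-entropy head."""
    if os.path.splitext(path)[1].lower() not in TEXT_EXTENSIONS:
        return False
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if len(head) < 256:  # too little data for a meaningful entropy estimate
        return False
    return shannon_entropy(head) >= HIGH_ENTROPY

def scan(root: str) -> list:
    """Walk root and return the sorted paths of files that look encrypted."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if looks_encrypted(path):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return sorted(hits)

def build_sample_dir() -> str:
    """Constructed test data: a genuine text file and an 'encrypted' file keeping its .txt name."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"Meeting notes: review the incident timeline and update the playbook.\n" * 8)
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(bytes(range(256)) * 16)  # stands in for AES output: every byte value equally likely
    return root
```

Run it as scan("C:/Users") or any user data root to list candidates for manual review; a single hit is not proof of encryption, but many hits across one directory tree are a strong signal.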
It then sends the following data to an attacker-controlled Discord channel via a webhook URL:
Apart from AXLocker, security analysts also detected two more ransomware families, listed below:
Both of these ransomware families operate under a RaaS (Ransomware-as-a-Service) business model, and both new variants target all Windows versions.
The malware searches the following directories for Discord tokens:
Although this ransomware is primarily aimed at consumers, it could still pose a substantial threat to large communities and enterprises.
The experts’ recommendations are listed below: