Saturday, November 2, 2024
HomeRansomwareIndian Hackers Group Hacked & Encrypt Pakistan Website Files Using KCW Ransomware

Indian Hackers Group Hacked & Encrypt Pakistan Website Files Using KCW Ransomware

Published on

Malware protection

One of the famous Indian Hacking group called “Kerala Cyber Warriors” compromised Pakistan based Welfare organization website and encrypt the website files using KCW Ransomware.

This group of hackers actively attacking over 1000 of Pakistan and Bangladesh based websites such as government websites, airport websites for various motivations.

KCW (Kerala Cyber Warriors) Ransomware used to encrypting the website files using encryption algorithm and then appends file names with .kcwenc to demand the ransom amount.

- Advertisement - SIEM as a Service

Attacker Initially defaced the website using the existing vulnerabilities in the website such as SQL injection and then find the loopholes in order to access the files.

Also Read: Ransomware Attack Response and Mitigation Checklist

Once they reached the web file then inject the ransomware called KCW(Kerala Cyber Warriors) to Start the encryption process.

One of the security  Researchers initially reported on Twitter said, “Interesting story behind it involving Indian cyber-vigilantes compromising Pakistani web hosts. A complete mess dev-wise, but cool backstory. Hadn’t seen this until today.”

Most of the import files that belong to compromise website has been locked and changes file extension as ..kcwenc. Not all the files have been encrypted, there are some folder files still can be publicly accessible by anyone.

Hackers leave the ransom note in the file name called kcwdecrypt.php that contain a complete information about the contact, who they are and how many of them were involved in this attack with each person’s dummy name.

GH057_R007 | 8L4CK_P3RL | F0R81DD3N_H4CX3R | RED LIZARD | S3CU617Y_R1PP36 | 4N0N_5P1D3R | RED_LIZARDCH@CH_4-RC7 | M3GA_M1ND | D0PP3l_64N63R | K1LL3R_C0BR4{PP} | C0D3_PH03N1X | 5H4D0W_HUN73rB4HZ1 | 4S7R4 | V33R4PP4N | C47_HUN73R | CJ_N4P573R | 5H1VJ1_M4H4R4J | PH4N70M

Basically ransomware attacks main motivation will be money and the hackers usually demand anonymous cryptocurrency such as Bitcoin, but this attacker didn’t demand any ransom amount instead of the request to contact them for the decryption key.

Also, they have given the contact information that point out to their Facebook Page and the main motivation of this attack was unclear. and also their hackers team has been listed on Wikipedia page.

The compromised website is still not has been recovered and the website owners are not taking any action regarding this attack.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks

Recent cyberattacks involving Akira and Fog threat actors have targeted various industries, exploiting a...

Four Evil Ransomware Operators Sentenced For Hacking Enterprises

The St. Petersburg Garrison Military Court has sentenced four individuals involved in a notorious...

Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial...