Saturday, October 12, 2024

A New Ransomware Attack Posed as Windows Activator Emerging in Wild With Hidden Functions


A new ransomware family, distributed by attackers posing as a Windows activator, appears to be spreading through external network drives. The ransomware has been active since August 7th and has continued to spread since then.


Researchers from 360 Total Security found that the ransomware contains a hidden configuration function and embeds the information it uses for encryption. When executed, it accepts a number of command-line parameters that switch on different functions.

The ransomware also contains a hidden form that is displayed by pressing F8. This configuration page lets the operator set the following:

The key used to encrypt files
The file name of the extortion message
The extortion message text
The victim's personal ID
The suffix appended to encrypted files

It also has an "Exclude paths" setting that lists directories to skip; by default this covers the Windows directory and the program files directories, so the operating system keeps booting while user data is encrypted.

The encryption key is fetched from cosonar.mcdir.ru/get.php. If the fetch fails, the ransomware falls back to a hard-coded default key and default user ID for the rest of the process. That fallback is worth checking during recovery: a machine encrypted while it could not reach the server was encrypted with a key that is embedded in the binary rather than one known only to the attacker.

The ransomware is built on the open-source Crypto++ library and uses AES to encrypt files.

Once encryption completes, it appends a .keypass extension to every encrypted file and demands that the victim pay $300 within 72 hours to decrypt them.
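The two observable traits above, the appended .keypass suffix and the default exclude paths, are what an incident responder has to work with when sizing up an infected host. The following triage scanner is an added example written for this article, not code from 360 Total Security or from the malware; it walks a directory tree, lists encrypted files and their original names, flags candidate ransom notes (the note's file name is operator-configurable, so it matches on size and extension rather than a fixed name), and reports directories that hold encrypted files but no note. The exact default exclude list is not quoted in the article, so the `ASSUMED_DEFAULT_EXCLUDES` entries and the sample tree built by `build_sample_tree` are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicator from the article: the original name is kept and ".keypass" is appended.
ENCRYPTED_SUFFIX = ".keypass"
# Assumption: the article only says the default exclude paths are the Windows
# and program directories; these top-level names stand in for that list.
ASSUMED_DEFAULT_EXCLUDES = ("Windows", "Program Files", "Program Files (x86)")
# The note name is configurable by the operator, so notes are detected as small
# text files rather than by a hard-coded name.
NOTE_MAX_BYTES = 64 * 1024


def in_excluded_path(path: Path, root: Path) -> bool:
    """True when the first directory below root is one the malware skips by default."""
    parts = path.relative_to(root).parts
    return len(parts) > 1 and parts[0] in ASSUMED_DEFAULT_EXCLUDES


def scan_tree(root) -> dict:
    """Inventory a (possibly) infected tree and return what a responder needs first."""
    root = Path(root)
    encrypted, encrypted_in_excluded, candidate_notes = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if name.endswith(ENCRYPTED_SUFFIX):
                # Encrypted data inside an exclude path means the operator changed
                # the defaults via the hidden F8 form, so it is reported separately.
                (encrypted_in_excluded if in_excluded_path(p, root) else encrypted).append(rel)
            elif p.suffix.lower() == ".txt" and p.stat().st_size <= NOTE_MAX_BYTES:
                candidate_notes.append(rel)
    encrypted.sort()
    note_dirs = {str(Path(n).parent.as_posix()) for n in candidate_notes}
    enc_dirs = {str(Path(e).parent.as_posix()) for e in encrypted}
    return {
        "encrypted": encrypted,
        # Strip the appended suffix to recover the original file names.
        "original_names": [e[: -len(ENCRYPTED_SUFFIX)] for e in encrypted],
        "encrypted_in_excluded": sorted(encrypted_in_excluded),
        "candidate_notes": sorted(candidate_notes),
        "dirs_missing_note": sorted(enc_dirs - note_dirs),
    }


def build_sample_tree(base) -> Path:
    """Constructed post-infection layout for the demo; not real victim data."""
    base = Path(base)
    layout = {
        "Users/alice/Documents/report.docx.keypass": b"\x00" * 64,
        "Users/alice/Documents/READ_ME.txt": b"pay $300 within 72 hours",  # constructed note
        "Users/alice/Pictures/cat.jpg.keypass": b"\x00" * 64,
        "Users/alice/todo.txt": b"buy milk",  # benign small text file, shows up as a candidate
        "Windows/System32/kernel32.dll": b"MZ",  # untouched: default exclude path
        "Program Files/App/app.exe": b"MZ",  # untouched: default exclude path
    }
    for rel, data in layout.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return base


def demo() -> dict:
    """Build the constructed tree in a temp dir, scan it, and return the inventory."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `scan_tree` at a mounted image or a copied user profile rather than the live host, and treat `encrypted_in_excluded` as a signal that the sample was reconfigured and the default indicators may not hold.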


Ransomware is a global problem and has become a lucrative revenue model for cybercriminals. Some families also have worm-like capabilities that let them spread across a network on their own.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
