Ransomware has been one of the top threats to organizations, contributing several millions of dollars to multiple organizations worldwide.
Most of these ransomware operators infiltrate the systems, steal sensitive data, and lock the systems with ransomware.
There have been a variety of ransomware activities in the past, such as WannaCry, GandCrab, and many others.
Most of the ransomware operators use custom-written ransomware for their operations. However, there has been a rise in Python-based ransomware variants in recent years.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
According to the K7 labs report, a recent ransomware sample was found and investigated. It turned out to be written in Python, which is not common. The ransomware binary was checked in VirusTotal and was detected by 47 antivirus providers.
The malicious file was found to be an executable file compiled in C++. Moreover, the executable file had a PDF icon as a means of disguising its original extension. To further investigate, the malicious PDF file was extracted with pyinstxtractor. Further analysis revealed the main source code file under the name “grinchv3.pyc”.
The script was written with several lines of code under a single class named “sweet.” The __init__ function of the class gathers additional information and performs the following functions.
Moreover, the encryption is started only after adding the unlock notes under the name “UNLOCK MY FILES.txt” on all the file paths that are about to be encrypted. For encryption, the Fernet Python cryptography module was used. After encrypting, a pop-up message is configured to be shown to the user.
All the encrypted files are under the extension “.enc” and remain unreadable after the ransomware encrypts them. Furthermore, the ransom notes include the email address of the attacker to contact for decryption.
K7 Security Labs has published a complete report about this new Python ransomware variant. It provides detailed information about this new Python-based ransomware source code, encryption methodology, and experimental and behavioral analysis.
| Hash | Detection Name |
| C967B8198501E3CE3A0E323B37D94D15 | Trojan ( 005af6051 ) |
Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify a…
Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability…
TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing…
BADBOX is a cybercriminal operation infecting Android devices like TV boxes and smartphones with malware…
Europol has published a groundbreaking report titled "Leveraging Legitimacy: How the EU’s Most Threatening Criminal Networks…
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National…