Unusual 'PureLocker' Ransomware is Attacking Enterprise Servers - santanafaccons
Cyber-security researchers at Intezer Labs and IBM X-Strength have unconcealed an unusual ransomware that's reportedly being used for targeted attacks against initiative servers. Named PureLocker because its written in PureBasic, the malware has manifestly been traced plunk for to a well-known Malware-as-a-Service (MaaS) supplier utilized by the Cobalt Mob and FIN6 attack groups.
According to the official web log post from Intezer Labs malware researcher, Michael Kajiloti, code reuse analysis shows that the malware is closely kin to the 'more_eggs' back door malware, which is sold on the dim web and has been used by multiple threat actors already. As per the theme, the attack is targeted at some Windows and Lixus servers, but the malware has evaded detection for weeks by copying some of the code from the aforementioned backdoor.
Unitedly with @IBMSecurity we consume known a new, undiscovered #ransomware being used in targeted attacks against enterprise production servers. Code reuse analysis points its origins to a MaaS provider utilized by #CobaltGang & #FIN6 assail groups. https://t.atomic number 27/S9U4X2dlQi
— Intezer (@IntezerLabs) November 12, 2022
As mentioned already, the ransomware is written in the PureBasic programing language, which makes it a rather unwonted phenomenon in the malware domain. However, accordant to Kajiloti, the unusual choice poses advantages for the assailant, because "AV vendors have trouble generating reliable detection signatures for PureBasic binaries". Additionally, PureBasic code is portable between Windows, Linux, and OS-X (macOS), devising it easier to place different platforms.
It's non in real time clear every bit to how exactly the malware is beingness delivered to victims, but systems infective with it are receiving ransom notes that bear an netmail address to negotiate a fee for decrypting the files. The victims are apparently also beingness told that they feature only seven days to make up the ransom, failing which, the private key will represent deleted, interpretation the locked files lost.
Intezer Labs has published a detailed, technical post about the malware and its MO, and you pot access all that info via the connectedness above.
Source: https://beebom.com/purelocker-ransomware-attacking-servers/
Posted by: santanafaccons.blogspot.com
0 Response to "Unusual 'PureLocker' Ransomware is Attacking Enterprise Servers - santanafaccons"
Post a Comment