Ransomware variant from Vietnam being distributed to millions of devices


A new ransomware variant is being spread to millions of people through phishing emails from Vietnam and other countries, according to Barracuda, a security research firm.

Even though Barracuda has blocked 27 million phishing emails so far, the speed at which hackers are spreading the ransomware variant hasn’t slowed.

The new ransomware variant is designed to take control of systems and demand a ransom from affected users, but as Barracuda researchers have observed, the hackers behind the ransomware have no intention of keeping their word after receiving money from their victims.

This is because the ransomware variant comes with a single identifier which is being sent to all victims. This means that even after a victim pays a ransom, there is no way the hackers can identify the victim’s system to send back decryption keys.

What makes the ransomware very dangerous is that, like WannaCry, it is being sent to millions of users across the globe in the form of emails. In these emails, the sender is either listed as ‘Herbalife’ or as a copier file delivery, e.g. ‘copier@renauer.com’. Newer emails being sent by hackers bear the subject line “Emailing – <attachment name>”.

Researchers have observed that while the bulk of such emails are being sent from Vietnam, many of them are also being sent from countries like India, Colombia, Turkey and Greece. At the same time, the hackers behind the ransomware are constantly changing the names of payload files and the domains used for downloading secondary payloads to avoid being filtered by anti-virus engines.
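The lure traits described above (the ‘Herbalife’ or copier-style sender and the “Emailing – <attachment name>” subject) can be checked at a mail gateway or during triage. The following is an added example, not code from Barracuda or from the article; the function name, the sample messages and the file name scan_0001.7z are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Sender indicators quoted in the article. File names rotate, so the subject
# is compared with the attachment name instead of a fixed string.
SENDER_NAMES = {"herbalife"}
SENDER_LOCALPARTS = {"copier"}
SUBJECT_RE = re.compile(r"^Emailing\s*[-\u2013:]\s*(?P<name>.+)$", re.I)

def lure_indicators(raw):
    """Return the lure indicators matched by one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    display, addr = parseaddr(str(msg.get("From", "")))
    if display.strip().lower() in SENDER_NAMES:
        hits.append("sender-name")
    if addr.partition("@")[0].lower() in SENDER_LOCALPARTS:
        hits.append("copier-sender")
    m = SUBJECT_RE.match(str(msg.get("Subject", "")).strip())
    if m:
        hits.append("emailing-subject")
        wanted = m.group("name").strip().lower()
        names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
        # The subject may name the attachment with or without its extension.
        if any(n and wanted in (n, n.rsplit(".", 1)[0]) for n in names):
            hits.append("subject-matches-attachment")
    return hits

# Constructed sample messages (not captured traffic).
SAMPLE_LURE = """\
From: copier@renauer.com
Subject: Emailing - scan_0001
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="scan_0001.7z"

AAAA
--b1--
"""
SAMPLE_BENIGN = "From: Alice <alice@example.org>\nSubject: Meeting notes\n\nSee you at 10.\n"

if __name__ == "__main__":
    print(lure_indicators(SAMPLE_LURE), lure_indicators(SAMPLE_BENIGN))
```

Each returned indicator is a signal to score or to route a message for review, since a sender name on its own also matches legitimate mail.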

As per available data, the new ransomware has various capabilities: it can encrypt files, download executables from a remote location, use the cryptography API, modify Windows initialisation files, delete samples after execution and retrieve the system default language identifier.

Copyright Lyonsdown Limited 2021
