A new ransomware operator has been spotted in the wild and, despite being a newcomer, it is already demanding huge ransoms.
A new report from BleepingComputer, produced in collaboration with cybersecurity intelligence firm AdvIntel, examined the group's activity, encryptor and methodology.
The group is reportedly made up of experienced ransomware actors from other operations. They joined forces in January of this year and do not operate as a RaaS, but as a private group with affiliates. At first the group used other criminals' encryptors, namely BlackCat, but later moved to its own. The first encryptor of its own is called Zeon.
Earlier this month, the group switched from Zeon to Royal, the name it uses in the ransom note and as the file extension for encrypted documents.
The modus operandi is nothing out of the ordinary: the attackers first send a phishing email urging the victim to call them back. On the call, the attackers convince the victim to install remote access software, which gives them access to the endpoint. From there they move laterally across the network, map and exfiltrate sensitive data, and encrypt every device they find on the network.
Victims then find a ransom note, README.TXT, containing a Tor link through which they can negotiate with the attackers. Royal reportedly asks for between $250,000 and $2 million for the decryption key. During negotiations the attackers decrypt a few files to show that their tool works, and show the list of files they will publish on the internet if the demands are not met.
So far no victim is known to have paid for the decryption key, so it is hard to gauge how successful the group has been. Royal's leak site has not yet been found.
Via: BleepingComputer
Sead is a veteran freelance journalist in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, knowledge gaps, legislation and regulations). During his career, which spans more than a decade, he has written for many media outlets in addition to Al Jazeera Balkans. He has also organized several modules on content writing for Represent Communications.