90 Days, 8 New Ransomwares

In the past several weeks, more than half a dozen new ransomware families have been found and analyzed by researchers. Some of them are ransomware-as-a-service offerings that are spread by third-party affiliates. Here is a short list and explanation of the newest ones:

  • Avaddon Ransomware. Beginning in June, phishing emails with subject lines like “Your New Photo?” or “Do You Like My Photo?” carried a JavaScript downloader in the message body. The campaign was reported to have sent over one million messages, mainly targeting U.S. organizations, and demanded at least $800 in bitcoin for decryption.
  • AgeLocker Ransomware. This ransomware reportedly uses the ‘Age’ encryption tool created by a Google employee. The attackers send an email demanding 7 BTC (approximately $64,000) for decryption. It is still unclear how the attackers are spreading AgeLocker.
  • Conti Ransomware. Conti appears to be the successor to the Ryuk Ransomware, but with some added features. The new version can run up to 32 simultaneous encryption operations and conduct attacks on corporate networks. A unique feature is that it abuses the Windows Restart Manager to force a user into saving their files, maximizing the damage.
  • ThiefQuest. ThiefQuest is a new ransomware that not only encrypts data but also installs a keylogger and a reverse shell, and attempts to wipe any files related to cryptocurrency wallets.
  • WastedLocker. Found around May, it appears to target only Fortune 500 companies in the U.S. and demands multimillion-dollar ransoms.
  • Try2Cry. This ransomware leverages infected USB flash drives and Windows shortcuts to spread its malware.
  • FileCry. Possibly named after the WannaCry malware, this newcomer acts a little amateurish, with a very plain encryption algorithm. The decryption key is already available for free.
  • Aris Locker. This ransomware uses the AES-256 encryption algorithm to lock files and claims that if anyone is alerted, the encrypted data will be deleted forever. Aris Locker is spread through multiple techniques and demands a $75 ransom in BTC within the first week, after which the price goes up.

Analyst Notes

While good anti-virus software can catch some of the simpler malware, the best defense against these or any other ransomware programs is not to get infected in the first place. The primary method of infection is still phishing emails. Employees and individuals alike should receive some form of education on how to recognize and delete these malicious messages. It is also advisable to retain the services of an organization that can monitor, detect, and defend an organization’s systems. The team at Binary Defense is ready to partner with organizations to help secure their systems.
