A new Trojan written in the Go programming language has pivoted from attacks against government agencies to US schools. The research team from BlackBerry Threat Research and Intelligence said on Wednesday that the malware, dubbed ChaChi, is also being used as a key component in launching ransomware attacks. According to Intezer, there has been roughly a 2,000% increase in Go-based malware samples over the past few years. “As this is such a new phenomenon, many core tools to the analysis process are still catching up,” BlackBerry noted. “This can make Go a more challenging language to analyze.”
ChaChi: a new GoLang Trojan used in attacks against US schools
Go malware is not only harder to analyze with the current state of analysis tools, but can also be harder for ML-based antivirus products, such as BlackBerry’s Cylance Protect, to detect. The best practices for defending against ransomware are to train employees to spot and report phishing emails, use an enterprise email filtering solution, keep software patched against known security vulnerabilities, use EDR, and implement behavioral detections that can catch the first stage of an attack before ransomware is deployed. To prepare for mitigation and recovery, maintain proper backups, keeping three copies of backup data with two on separate media devices and one off-site, and have a robust incident response plan to help get your organization back up and running quickly if a ransomware attack happens despite these measures.