DeathRansom, one of the newest ransomware variants, had a questionable start to its campaign, but researchers believe the ransomware is now capable of encrypting files on victims’ computers. Previously, the ransomware only pretended to encrypt files and actually just renamed them. Victims merely had to remove the .wctc extension that was added to the files and they would become usable again. Around November 20th, the ransomware was seen properly encrypting the files on victims’ computers. At the same time, a surge in submissions appeared on ID Ransomware, a ransomware identification website, a sign that more samples of the ransomware were being uploaded. The distribution method is not currently known, and the initial surge seems to have slowed, but there is still a steady trickle of new victims being found.
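Because both the rename-only and the encrypting variants are described above, a responder needs to tell the two apart before stripping extensions. The following triage script is an added example, not code from the article or from any vendor; the signature table, the entropy threshold and the function names are assumptions, and it assumes real encryption overwrites the start of the file.

```python
import hashlib, math, tempfile
from pathlib import Path

EXT = ".wctc"  # extension the article says was appended
# Constructed, non-exhaustive file-signature table (assumption; extend as needed).
MAGIC = (b"%PDF-", b"PK\x03\x04", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"\xd0\xcf\x11\xe0")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def classify(path: Path, sample: int = 4096) -> str:
    with path.open("rb") as fh:
        head = fh.read(sample)
    if head.startswith(MAGIC):  # original header intact: file was only renamed
        return "renamed-only"
    if len(head) >= 1024 and entropy(head) >= 7.5:  # assumed threshold
        return "likely-encrypted"
    return "unknown"  # too small or ambiguous: review by hand

def triage(root: Path, restore: bool = False) -> dict:
    """Classify every *.wctc file under root; optionally strip the extension
    from files whose original signature is still present."""
    results = {}
    for path in sorted(root.rglob("*" + EXT)):
        if not path.is_file():
            continue
        verdict = classify(path)
        results[str(path.relative_to(root))] = verdict
        target = path.with_suffix("")  # report.pdf.wctc -> report.pdf
        if restore and verdict == "renamed-only" and not target.exists():
            path.rename(target)
    return results

if __name__ == "__main__":
    # Constructed sample files, written to a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.pdf.wctc").write_bytes(b"%PDF-1.4\n" + b"sample\n" * 200)
        noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        (root / "data.bin.wctc").write_bytes(noise)
        for name, verdict in triage(root).items():
            print(f"{verdict:17} {name}")
```

Run it with `restore=False` first, and against a copy or image of the affected volume rather than the live disk.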