Ransomware variant from Vietnam being distributed to millions of devices


A new ransomware variant is being spread to millions of people through phishing emails from Vietnam and other countries, according to Barracuda, a security research firm.

Even though Barracuda has blocked 27 million phishing emails so far, the speed at which hackers are spreading the ransomware variant hasn't slowed.

The new ransomware variant is designed to take control of systems and demand a ransom from affected users, but as Barracuda researchers have observed, the hackers behind the ransomware have no intention of keeping their word after receiving money from their victims.

This is because the ransomware variant comes with a single identifier which is being sent to all victims. This means that even after a victim pays a ransom, there is no way the hackers can identify the victim's system to send back decryption keys.

What makes the ransomware very dangerous is that, like WannaCry, it is being sent to millions of users across the globe in the form of emails. In these emails, the sender is listed either as 'Herbalife' or as a copier file delivery, e.g. 'copier@renauer.com'. Newer emails being sent by hackers bear the subject line “Emailing – <attachment name>”.

Researchers have observed that while the bulk of such emails are being sent from Vietnam, many of them are also being sent from countries like India, Colombia, Turkey and Greece. At the same time, the hackers behind the ransomware are constantly changing the names of payload files and the domains used for downloading secondary payloads to avoid being filtered by anti-virus engines.
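The sender and subject indicators described above can be turned into a mail-triage check, shown here as an added example that is not code from Barracuda or from the original article. Because payload names rotate, it tests whether the subject mirrors the attachment name rather than matching fixed file names; the signal names, the two-signal threshold and the sample builder are assumptions of this example.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Subject pattern from the article: "Emailing", a dash, then the attachment name.
SUBJECT_RE = re.compile(r"^\s*Emailing\s*[-\u2013\u2014]\s*(?P<name>.+?)\s*$", re.I)


def campaign_signals(msg):
    """Return the article-derived indicators this message matches (names are assumed)."""
    signals = []
    display, addr = parseaddr(str(msg.get("From", "")))
    if display.strip().lower() == "herbalife":
        signals.append("from-display-herbalife")
    if addr.lower().partition("@")[0] == "copier":
        signals.append("from-copier-mailbox")
    match = SUBJECT_RE.match(str(msg.get("Subject", "")))
    if match:
        signals.append("subject-emailing-prefix")
        wanted = match.group("name").lower()
        for part in msg.walk():
            filename = (part.get_filename() or "").lower()
            # Compare with the full file name and its stem, so a renamed payload
            # still matches as long as the subject mirrors the attachment.
            if filename and wanted in (filename, PurePosixPath(filename).stem):
                signals.append("subject-names-attachment")
                break
    return signals


def is_suspicious(msg, threshold=2):
    """Assumed policy: quarantine when at least `threshold` indicators agree."""
    return len(campaign_signals(msg)) >= threshold


def build_sample(sender, subject, attachment_name):
    """Build a constructed test message carrying one dummy attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"dummy", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg
```

A single indicator on its own, such as the subject prefix, is common in legitimate scan-to-email traffic, which is why the example requires two signals to agree before flagging a message.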

According to available data, the new ransomware can encrypt files, download executables from a remote location, use the cryptography API, modify Windows initialisation files, delete samples after execution and retrieve the system default language identifier.

Copyright Lyonsdown Limited 2021
