Ransomware variant from Vietnam being distributed to millions of devices

A new ransomware variant is being spread to millions of people through phishing emails from Vietnam and other countries, according to Barracuda, a security research firm.

Even though Barracuda has blocked 27 million phishing emails so far, the speed at which hackers are spreading the ransomware variant hasn't slowed.

The new ransomware variant is designed to take control of systems and demand a ransom from affected users. But, as Barracuda researchers have observed, the hackers behind the ransomware have no intention of keeping their word after receiving money from their victims.

This is because the ransomware variant uses a single identifier that is sent to all victims. Even after a victim pays the ransom, there is no way for the hackers to tell which system belongs to that victim, so they cannot send back the right decryption key.

What makes the ransomware very dangerous is that, like WannaCry, it is being sent to millions of users across the globe by email. In these emails, the sender is listed either as 'Herbalife' or as a copier file-delivery address, e.g. 'copier@renauer.com'. Newer emails sent by the hackers bear the subject line "Emailing – <attachment name>".

Researchers have observed that while the bulk of such emails are being sent from Vietnam, many are also being sent from countries such as India, Colombia, Turkey, and Greece. At the same time, the hackers behind the ransomware are constantly changing the names of the payload files and the domains used to download secondary payloads, so that anti-virus engines that filter on known names and domains do not catch them.
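Because the payload names and download domains described above rotate constantly, a mail filter is better off keying on the parts of the lure that stay fixed: the 'Herbalife' display name, the 'copier' sender local-part, and the 'Emailing - <attachment name>' subject template, cross-checked against the file that is actually attached. The following Python is an added illustration, not code from the article or from Barracuda; the risky-extension list, the scoring threshold and the sample messages are assumptions constructed for the demo.

```python
import os
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Sender indicators quoted in the article; extension list and threshold are assumptions.
SUSPECT_DISPLAY_NAMES = {"herbalife"}
SUSPECT_LOCAL_PARTS = {"copier"}
# Subject template "Emailing - <attachment name>"; hyphen, en dash or em dash accepted.
SUBJECT_PATTERN = re.compile(r"^\s*Emailing\s*[-\u2013\u2014]\s*(.+?)\s*$", re.IGNORECASE)
RISKY_EXTENSIONS = {".zip", ".js", ".exe", ".scr", ".vbs", ".doc", ".docm", ".xls", ".xlsm"}


def score_message(msg):
    """Return (score, reasons) for one email.message.Message; higher is more suspicious."""
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    if name.strip().lower() in SUSPECT_DISPLAY_NAMES:
        reasons.append("sender display name matches a known lure")
    if addr.split("@", 1)[0].lower() in SUSPECT_LOCAL_PARTS:
        reasons.append("sender local-part mimics a copier/scanner")
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    match = SUBJECT_PATTERN.match(str(msg.get("Subject", "")))
    if match:
        reasons.append("subject follows the 'Emailing - <attachment name>' template")
        if match.group(1) in attachments:
            reasons.append("subject names the attached file")
    risky = [a for a in attachments if os.path.splitext(a)[1].lower() in RISKY_EXTENSIONS]
    if risky:
        reasons.append("risky attachment type: " + ", ".join(risky))
    return len(reasons), reasons


def is_suspect(msg, threshold=2):
    """Quarantine decision: two or more independent indicators (threshold is an assumption)."""
    return score_message(msg)[0] >= threshold


def build_sample(sender, subject, attachment=None):
    """Construct a sample message for the demo (constructed data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    if attachment:
        msg.add_attachment(b"\x00", maintype="application", subtype="octet-stream", filename=attachment)
    return msg


if __name__ == "__main__":
    for sample in (build_sample("Herbalife <promo@example.invalid>", "Emailing - invoice.zip", "invoice.zip"),
                   build_sample("copier@example.invalid", "Emailing - scan_0421.doc", "scan_0421.doc"),
                   build_sample("Alice <alice@example.invalid>", "Lunch on Friday?")):
        print(is_suspect(sample), score_message(sample)[1])
```

Requiring two independent indicators keeps a single legitimate scan-to-email message from being quarantined on the sender address alone.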

According to the available data, the new ransomware can encrypt files, download executables from a remote location, use the Windows cryptography API, modify Windows initialisation files, delete its own samples after execution, and retrieve the system's default language identifier.

Copyright Lyonsdown Limited 2021
