This devious ransomware is now more dangerous than ever
Encrypting files apparently isn’t enough for Hello XD ransomware
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
With new obfuscation techniques, and attack capabilities, the Hello XDransomwareis now more dangerous than ever before, Unit 42, Palo Alto Networks’ cybersecurityarm, has found.
The group discovered Hello XD now features a new encryptor featuring custom packing, that helps themalwarestay hidden. What’s more, it comes with new changes to the encryption algorithm. Instead of the modified HC-128 and Curve25519-Donna, this newly discovered version comes with Rabbit Cipher and Curve25519-Donna. Furthermore, the file marker no longer features a coherent string, but rather carries random bytes, further strengthening the cryptography.
Also, the strain carries a link to an onion site, but according to researchers, the site is currently offline, possibly pending construction.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.
Deploying MicroBackdoor
Usually, ransomware operators do two things during their attack: exfiltrate all of the sensitive data to a location they can control, and encrypt everything they find on the target network. That way, in case the victim has a backup solution, they can still threaten to release sensitive data online, or sell it to a third party.
Hello XD takes it a step further, it was found, as besides the ransomware, the threat actor also deploys MicroBackdoor, an open-source backdoor that allows remote code execution, file exfiltration, and system modifications.
Most ransomware victims pay up, but many never recover their data>Ransomware actors have found a new way to make victims pay up>This weird ransomware can only be decrypted by going to the Roblox store
The malware’s executable is encrypted with WinCrypt API, and embedded within the ransomware payload, it was said. It also doesn’t have a specific amount of money in mind, that it seeks to gain in exchange for the decryption key. Instead, it tells victims to open up a TOX chat service and start a negotiation process.
Hello XD was first spotted late last year, when researchers described it as a spin-off from the then-popular Babuk ransomware. This newly discovered version, however, is a significant step away from Babuk, suggesting that the threat actors behind it plan on developing it further.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To stay safe from cyberattacks, businesses are urged to educate their employees on the dangers of phishing, keep their software up to date, and set up a strong antivirus andfirewallsolution.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
