• Two major hacking groups are teaming up for dangerous new ransomw

    From TechnologyDaily@1337:1/100 to All on Tuesday, November 12, 2024 16:45:05
    Two major hacking groups are teaming up for dangerous new ransomware attacks

    Date:
    Tue, 12 Nov 2024 16:32:00 +0000

    Description:
    There appears to be a new ransomware player in the game.

    FULL STORY
    ======================================================================

    Researchers spotted a brand new Ymir ransomware
    This new strain teamed up with a group deploying infostealers
    There is a chance that the entire operation was done by a single actor

    Two hacking groups have recently been observed working together to infect a victim: one to establish initial persistence and steal information, and one to encrypt the systems and demand a ransom payment.

    Researchers from Kaspersky recently investigated one such incident in Colombia, where the unnamed company first got infected by RustyStealer, an infostealing malware capable of grabbing login credentials, sensitive files, and more.

    This part of the attack was likely conducted by one set of criminals who, once their part was done, handed the access over to a second group.

    Single actor?

    The second group first made sure its encryptor doesn't trigger any antivirus or antimalware alarms. To that end, they installed different tools, such as Process Hacker and Advanced IP Scanner. Eventually, after reducing system security, the adversary ran Ymir to achieve their goals, the researchers conclude.

    Ymir is the name of both the encryptor and the threat actor behind it, and is also a relatively new entrant in the ransomware space. The malware is quite unique, too, in that it operates entirely from memory, taking advantage of different functions such as malloc, memmove, and memcmp to avoid detection.

    While teamwork is not a foreign word in the world of cybercrime, there is
    also a slight possibility that this entire operation was done by a single actor. In that case, it would mark an entirely different approach to ransomware attacks, and possibly a notable shift in how ransomware attacks
    are conducted.

    "If the brokers are indeed the same actors who deployed the ransomware, this could signal a new trend, creating additional hijacking options without relying on traditional Ransomware-as-a-Service (RaaS) groups," Kaspersky researcher Cristian Souza said.

    In any case, it is possible that Ymir will grow into a formidable threat actor, infecting more companies in the months to come.

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/two-major-hacking-groups-are-teaming-up-for-dangerous-new-ransomware-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)