Home

Mar 20, 2017

RanRan Ransomware Targets Middle East Governments


The researchers at Palo Alto Networks have recently come across a new ransomware which was used in some targeted attacks which are aimed at multiple government organisations in the Middle East. Rather than asking for money, the attackers in this campaign are instructing the victims to make a political statement on their own website.

Category:IT 

The researchers at Palo Alto Networks have recently come across a new ransomware which was used in some targeted attacks which are aimed at multiple government organisations in the Middle East. Rather than asking for money, the attackers in this campaign are instructing the victims to make a political statement on their own website.

The ransomware, named “RanRan,” and it is designed to encrypt different types of files that are stored on the infected systems, including archives, documents, executables, images, databases, logs, source code and video files. It assigns a .zXz extension to the encrypted files and a HTML file containing instructions to teach the user how to recover the files is dropped onto the device.

Victims are said not to shut down their computers or run any kind of antivirus program as this may lead to “accidental damage on files.” Unlike any other ransomware, which typically asks the user for money, this threat group behind the RanRan instructs the victims to create a subdomain which contains a politically inflammatory name on their website.

The victims are also instructed to upload to the mentioned subdomain a file which is named “Ransomware.txt” with the text “Hacked!” and their own email address.

“By performing these actions, the victim, a Middle Eastern government organisation, has to generate a political statement against the leader of the country,” said Palo Alto Networks researchers. “It also forces the victim to publicly announce that they have been hacked by hosting the Ransomware.txt file.”

Palo Alto Networks has not named any of the targeted government organisations and it has not made links to known threat groups. However, the security firm did say that it had not found any connection between these attacks and the recent Shamoon 2 campaign.

According to the researchers, RanRan malware is not so sophisticated and the developers have made some mistakes when implementing the file encryption mechanism, which appears to be based on publicly available source code.

authorarticle: Master3395

image: 

keywords: RanRan, Ransomware, Malware

Previous Article
Next Article

Sponsored Ads:

Discord

Page 1 of 528  >  >>

Now it has been revealed that Apple is finally going to do it

apple.jpg

Jun 5, 2020 | Category: Apple | Comments

Many will save a good deal on Apple's entertainment package.

read more…

Brand new iPad Pro is coming early next year

apple.webp

Jun 4, 2020 | Category: Apple | Comments

It might be next year's iPad Pro you're really waiting for, and not the weak update this year.

read more…

Western Digital's NAS disk is slaughtered in testing

wd.webp

Jun 3, 2020 | Category: IT | Comments

These are consumer counters! Mass litigation on the way.

read more…

Page 1 of 528  >  >>