IT | Mar 20, 2017 | Master3395
The researchers at Palo Alto Networks have recently come across a new ransomware which was used in some targeted attacks which are aimed at multiple government organisations in the Middle East. Rather than asking for money, the attackers in this campaign are instructing the victims to make a political statement on their own website.
The ransomware, named “RanRan,” and it is designed to encrypt different types of files that are stored on the infected systems, including archives, documents, executables, images, databases, logs, source code and video files. It assigns a .zXz extension to the encrypted files and a HTML file containing instructions to teach the user how to recover the files is dropped onto the device.
Victims are said not to shut down their computers or run any kind of antivirus program as this may lead to “accidental damage on files.” Unlike any other ransomware, which typically asks the user for money, this threat group behind the RanRan instructs the victims to create a subdomain which contains a politically inflammatory name on their website.
The victims are also instructed to upload to the mentioned subdomain a file which is named “Ransomware.txt” with the text “Hacked!” and their own email address.
“By performing these actions, the victim, a Middle Eastern government organisation, has to generate a political statement against the leader of the country,” said Palo Alto Networks researchers. “It also forces the victim to publicly announce that they have been hacked by hosting the Ransomware.txt file.”
Palo Alto Networks has not named any of the targeted government organisations and it has not made links to known threat groups. However, the security firm did say that it had not found any connection between these attacks and the recent Shamoon 2 campaign.
According to the researchers, RanRan malware is not so sophisticated and the developers have made some mistakes when implementing the file encryption mechanism, which appears to be based on publicly available source code.
Keywords: RanRan, Ransomware, Malware
Jul 21, 2019 | Category: General | Comments
The new display standard can take over HDMI
Last month, we wrote that a new version of the display connection standard DisplayPort is on its way. Now, all specifications are officially launched, although we probably have to wait at least another year before we start seeing products that support it.read more…
Jul 20, 2019 | Category: General | Comments
"All" gets better thanks to new Microsoft Edge.
With its entry into the Chromium world, Microsoft has been a great provider to the browser platform we are well acquainted with, including Google Chrome. The latest news means that all Chromium-based browsers are now getting closer to Windows 10.read more…