Home

Mar 20, 2017

RanRan Ransomware Targets Middle East Governments


The researchers at Palo Alto Networks have recently come across a new ransomware which was used in some targeted attacks which are aimed at multiple government organisations in the Middle East. Rather than asking for money, the attackers in this campaign are instructing the victims to make a political statement on their own website.

The researchers at Palo Alto Networks have recently come across a new ransomware which was used in some targeted attacks which are aimed at multiple government organisations in the Middle East. Rather than asking for money, the attackers in this campaign are instructing the victims to make a political statement on their own website.

The ransomware, named “RanRan,” and it is designed to encrypt different types of files that are stored on the infected systems, including archives, documents, executables, images, databases, logs, source code and video files. It assigns a .zXz extension to the encrypted files and a HTML file containing instructions to teach the user how to recover the files is dropped onto the device.

Victims are said not to shut down their computers or run any kind of antivirus program as this may lead to “accidental damage on files.” Unlike any other ransomware, which typically asks the user for money, this threat group behind the RanRan instructs the victims to create a subdomain which contains a politically inflammatory name on their website.

The victims are also instructed to upload to the mentioned subdomain a file which is named “Ransomware.txt” with the text “Hacked!” and their own email address.

“By performing these actions, the victim, a Middle Eastern government organisation, has to generate a political statement against the leader of the country,” said Palo Alto Networks researchers. “It also forces the victim to publicly announce that they have been hacked by hosting the Ransomware.txt file.”

Palo Alto Networks has not named any of the targeted government organisations and it has not made links to known threat groups. However, the security firm did say that it had not found any connection between these attacks and the recent Shamoon 2 campaign.

According to the researchers, RanRan malware is not so sophisticated and the developers have made some mistakes when implementing the file encryption mechanism, which appears to be based on publicly available source code.

Category: IT
Posted by: Admin
authorarticle: Master3395
malware.jpg
video: 
youtube: 
sources: 
keywords: RanRan, Ransomware, Malware

Comments:

comments powered by Disqus

Return
Discord

Page 1 of 490  >  >>

The Instagram boss explains why they don't have a dedicated Instagram app

instagram.png

Feb 18, 2020 | Category: IT | Comments

But it is not very credible.

read more…

Apple is designing its own 5G antenna - probably in the iPhone 12

apple.jpeg

Feb 17, 2020 | Category: Apple | Comments

The company thinks Qualcomm's antenna is too large.

read more…

This has never happened before with mac

it.jpeg

Feb 16, 2020 | Category: IT | Comments

More malware threats on Mac than Windows.

read more…

Page 1 of 490  >  >>