RanRan Ransomware Targets Middle East Governments

IT | Mar 20, 2017 | Master3395

The researchers at Palo Alto Networks have recently come across a new ransomware which was used in some targeted attacks which are aimed at multiple government organisations in the Middle East. Rather than asking for money, the attackers in this campaign are instructing the victims to make a political statement on their own website.

The ransomware, named “RanRan,” and it is designed to encrypt different types of files that are stored on the infected systems, including archives, documents, executables, images, databases, logs, source code and video files. It assigns a .zXz extension to the encrypted files and a HTML file containing instructions to teach the user how to recover the files is dropped onto the device.

Victims are said not to shut down their computers or run any kind of antivirus program as this may lead to “accidental damage on files.” Unlike any other ransomware, which typically asks the user for money, this threat group behind the RanRan instructs the victims to create a subdomain which contains a politically inflammatory name on their website.

The victims are also instructed to upload to the mentioned subdomain a file which is named “Ransomware.txt” with the text “Hacked!” and their own email address.

“By performing these actions, the victim, a Middle Eastern government organisation, has to generate a political statement against the leader of the country,” said Palo Alto Networks researchers. “It also forces the victim to publicly announce that they have been hacked by hosting the Ransomware.txt file.”

Palo Alto Networks has not named any of the targeted government organisations and it has not made links to known threat groups. However, the security firm did say that it had not found any connection between these attacks and the recent Shamoon 2 campaign.

According to the researchers, RanRan malware is not so sophisticated and the developers have made some mistakes when implementing the file encryption mechanism, which appears to be based on publicly available source code.

Keywords: RanRan, Ransomware, Malware

Author: Master3395


comments powered by Disqus

Page 1 of 376  >  >>

Working hard to preserve all public posts on Google+


Mar 20, 2019 | Category: Google | Comments

Now it will not be long.

read more…

New Window Defender Extension Launches - Insecure Websites Open in Edge


Mar 19, 2019 | Category: General | Comments

Works in Chrome and Firefox.

read more…

Now the extensions have appeared - public testing is approaching


Mar 18, 2019 | Category: General | Comments

Found 82 extensions for new Edge.

As we interpret recently Microsoft's activity, we are not the long wait from a public testing period of their new Chromium-based browser. Last week we got a sneak peek at new Edge in some photos you can see here, and it was explained that the first tests only had support in 64-bit Windows 10.

read more…

Page 1 of 376  >  >>