New ransomware called White Rabbit discovered, linked to the notorious FIN8 hacker group
FIN8 is a group that specializes in hacking for money and usually targets financial institutions. Over the past few years, FIN8's main attack method has been to deploy malicious POS software to steal credit card information.
In December 2021, Trend Micro researchers obtained a sample of the White Rabbit ransomware when it attacked a bank in the US. The ransomware executable is a small payload, about 100 KB in size, and requires a new password to be entered to decrypt the payload.
The password used to execute the malicious payload has been used in previous ransomware campaigns such as Egregor, MegaCortex, and SamSam.
Once the correct password is entered, the ransomware executes, scans all folders on the device, and encrypts the files it targets, creating a ransom note for each file it encrypts.
Example: A file named test.txt will be encrypted as test.txt.scrypt and a ransom note will be created with the name test.txt.scrypt.txt.
When encrypting a device, removable hard drives and network storage drives will also be attacked. Windows system files will not be encrypted to avoid damaging the operating system.
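A triage sketch for the naming pattern described above, added here as an example and not taken from the researchers' report: it walks a directory tree and reports `.scrypt` files that have a matching `.scrypt.txt` note beside them, keeping lone `.scrypt` files separate as a weaker signal. The function names, the threshold of 2 and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile
from collections import Counter

ENC_SUFFIX = ".scrypt"  # extension appended to encrypted files (from the article)

def find_scrypt_pairs(root):
    """Walk root; return (paired, unpaired) lists of *.scrypt paths.

    paired   - a <name>.scrypt.txt ransom note sits beside the file
    unpaired - .scrypt file with no note (weaker signal; may be unrelated)
    """
    paired, unpaired = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        names = {f.lower() for f in files}  # Windows names are case-insensitive
        for f in files:
            if not f.lower().endswith(ENC_SUFFIX):
                continue  # also skips the notes themselves (*.scrypt.txt)
            path = os.path.join(dirpath, f)
            if f.lower() + ".txt" in names:
                paired.append(path)
            else:
                unpaired.append(path)
    return sorted(paired), sorted(unpaired)

def affected_dirs(paired, threshold=2):
    """Directories holding at least `threshold` encrypted-file/note pairs."""
    counts = Counter(os.path.dirname(p) for p in paired)
    return {d: n for d, n in counts.items() if n >= threshold}

def build_sample_tree(root):
    """Constructed sample data: empty files that mimic the naming pattern."""
    layout = {
        "share/finance": ["q1.xlsx.scrypt", "q1.xlsx.scrypt.txt",
                          "q2.xlsx.scrypt", "q2.xlsx.scrypt.txt"],
        "share/tools": ["kdf-params.scrypt"],  # unrelated file, no note
        "share/docs": ["readme.txt"],
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in files:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        paired, unpaired = find_scrypt_pairs(tmp)
        print("directories to triage:", affected_dirs(paired))
        print("unpaired .scrypt files:", unpaired)
```

Because removable and network drives are also affected, the same walk would be run against each mounted share as well as local volumes.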
In the ransom note, the cybercriminals inform the victim that their data has been stolen. If the ransom demands are not met, the cybercriminals will publicly post and/or sell the data.
The victim has 4 days to prepare the ransom and can contact or negotiate with the attackers via a Tor site.
Currently, White Rabbit only attacks certain entities. However, given the connection to FIN8, researchers fear that it will become a threat to many companies and businesses in the near future.
At this point, White Rabbit can be prevented by standard anti-ransomware measures as follows:
- Implement multi-layered detection and response solutions.
- Create an incident response handbook to prevent and recover from an attack.
- Conduct simulations of ransomware attacks to identify vulnerabilities and evaluate performance.
- Perform backups, test backups, verify backups, and store backups offline.