New ransomware called White Rabbit discovered, linked to the notorious FIN8 hacker group
FIN8 is a financially motivated group that usually targets financial institutions. Over the past few years, FIN8's main attack method has been to deploy POS malware to steal credit card data.
In December 2021, Trend Micro researchers obtained a sample of the White Rabbit ransomware when it attacked a bank in the US. The ransomware executable is a small payload, about 100KB in size, and requires a password to be supplied before the payload is decrypted.
This use of a password to execute the malicious payload was also seen in previous ransomware campaigns such as Egregor, MegaCortex, and SamSam.
Once the correct password is entered, the ransomware runs: it scans all folders on the device, encrypts the files it targets, and creates a ransom note for each file it encrypts.
Example: a file named test.txt is encrypted as test.txt.scrypt, and a ransom note is created with the name test.txt.scrypt.txt.
Removable hard drives and network storage drives are encrypted along with the device itself. Windows system files are not encrypted, to avoid damaging the operating system.
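As an added illustration of the file naming just described (this is not code from the original article or from Trend Micro), the sweep below walks a directory tree and flags every .scrypt file, noting whether its .scrypt.txt ransom note sits beside it; the sample tree is constructed in a temp directory and the function names are my own.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional

ENCRYPTED_SUFFIX = ".scrypt"   # extension the article reports White Rabbit appending
NOTE_SUFFIX = ".txt"           # the per-file note is <encrypted name> + ".txt"


@dataclass(frozen=True)
class Finding:
    encrypted_path: str
    note_path: Optional[str]   # None when no matching ransom note was found


def scan_for_white_rabbit_artifacts(root: str) -> List[Finding]:
    """Report every <name>.scrypt file under root and whether its
    <name>.scrypt.txt note is present, the pairing the article describes."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            if not name.endswith(ENCRYPTED_SUFFIX):
                continue   # note files end in .txt, so they are skipped here
            note = name + NOTE_SUFFIX
            findings.append(Finding(
                encrypted_path=os.path.join(dirpath, name),
                note_path=os.path.join(dirpath, note) if note in present else None,
            ))
    return sorted(findings, key=lambda f: f.encrypted_path)


def build_sample_tree() -> str:
    """Constructed sample: a temp directory imitating the post-encryption layout."""
    root = tempfile.mkdtemp(prefix="wr_sample_")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/test.txt.scrypt", "docs/test.txt.scrypt.txt",
                "docs/report.xlsx.scrypt", "readme.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    for f in scan_for_white_rabbit_artifacts(build_sample_tree()):
        print(f.encrypted_path, "note present" if f.note_path else "NOTE MISSING")
```

A hit on a file server share or removable drive is an early signal, since the article says those are encrypted too; the check only covers the naming this sample uses, so pair it with the backup and response measures listed below.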
In the ransom note, the cybercriminals inform the victim that their data has been stolen: if the ransom demands are not met, the data will be publicly posted and/or sold.
The victim is given 4 days to arrange the ransom and can contact or negotiate with the attackers via a Tor site.
So far, White Rabbit has only been used against a small number of targets. However, given its connection to FIN8, researchers fear it will become a threat to many companies and businesses in the near future.
For now, White Rabbit can be mitigated with standard anti-ransomware measures:
- Implement multi-layered detection and response solutions.
- Create an incident response handbook to prevent and recover from an attack.
- Conduct simulations of ransomware attacks to identify vulnerabilities and evaluate performance.
- Perform backups, test backups, verify backups, and store backups offline.