Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Ransomware uses WinRAR to lock victim's data
Memento started operating last month. It exploits the VMware vCenter Server web client vulnerability to infiltrate the victim's system. This vulnerability is codenamed CVE-2021-21971 and has a score of 9.8 so the severity is extremely high.
CVE-2021-21971 allows anyone with remote access to TCP/IP port 443 on the exposed vCenter server to execute commands on elementary OS with administrative privileges.
The patch for CVE-2021-21971 was released in February 2021. However, based on Memento's activities, it can be seen that many organizations and businesses have not updated the patch.
Ransomware uses WinRAR to lock victim's data Picture 1
Memento started exploiting CVE-2021-21971 from April. In May, another dangerous actor appeared to exploit this vulnerability to install XMR virtual currency mining tool via PowerShell command.
After infiltrating the victim's computer, Memento used WinRAR to create an archive of the stolen files and extract it. Next, they used Jetico's BCWipe data deletion utility to erase all remaining traces. After use, they use a ransomware strain programmed in Python to encrypt AES.
However, Memento's attempts to encrypt files failed because the system was protected by an anti-ransomware engine. The encryption process has been prevented so it has not caused any damage.
In the difficult, the wisdom emerges, Memento skips the file encryption step. Instead, they transfer all stolen files to a password-protected archive.
To do this, the hacker group would move the files to the WinRAR archive, set a strong password, encrypt the password, and then delete the original files.
Memento often requires victims to pay huge amounts of Bitcoin to ransom data. However, according to statistics so far, Memento victims often do not pay the ransom but use the backup to restore the files.
However, Memento is a new group, so it is likely that in the future they will upgrade their attack methods or change the target of attacks to be more effective.
Micah SotoYou should read it
- 7 kinds of ransomware you didn't expect
- List of the 3 most dangerous and scary Ransomware viruses
- Link Download WinRAR 6.00b1: A free compression and decompression tool
- Why does Winrar give you a free trial for a lifetime?
- Ransomware can encrypt cloud data
- How to Use WinRAR
- WinRAR settings automatically delete the root directory after decompressing the data
- How to compress and decompress files with WinRar?
- Discovered new ransomware on Mac computers
- Warning of dangerous vulnerabilities on WinRAR, users should uninstall or upgrade to a new version
- How to create ISO file with WinRAR
- WinRAR is really free version, please download and experience
Security solution
Detected a serious BIOS vulnerability, affecting many Intel processors- Mysterious malware threatens millions of routers and IoT devices
- App Installer on Windows 10 was used to install BazarLoarder malware
- AMD patched a series of security holes in the graphics driver for Windows 10
- Mistakes Companies Make with Data & Information Security
- How to use the Microsoft Authenticator app
Detected a serious BIOS vulnerability, affecting many Intel processors
Mysterious malware threatens millions of routers and IoT devices
App Installer on Windows 10 was used to install BazarLoarder malware
AMD patched a series of security holes in the graphics driver for Windows 10
Mistakes Companies Make with Data & Information Security
How to use the Microsoft Authenticator app