Cyber watchdog Cyble has announced that a new wave of actors targeting businesses and organisations with ransomware is beginning.
New ransomware
RedAlert, or N13V, is the new version of ransomware being used to target corporations. According to Cyble, it targets both Windows and Linux VMware ESXi servers on corporate networks. It apparently hijacks machines and encrypts all files related to them, preventing them from functioning.
RedAlert, according to Cyble, takes payments in Monero, which sets it apart from typical ransomware, where a cryptocurrency such as Bitcoin is often used.
Lilith ransomware
Another piece of ransomware is Lilith, which is quite versatile according to Cyble. This ransomware allows many file types to be rendered unusable. It does this by encrypting the files on the victim's machine and appending the extension .lilith to each encrypted file.
Lilith is known to create a ransom note on the system and demand payment within three days. If they are not paid, the operators will start leaking files; however, it is not clear whether they do release files after three days, as ransomware attacks are often negotiable.
When Lilith is executed, it searches for processes from a hardcoded list in the file and terminates any of them that are running on the target's machine, according to Cyble. This step ensures that those processes do not block access to the files that are destined to be encrypted.
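The .lilith extension described above gives defenders something concrete to watch for. The following is an added example, not code from Cyble or from this article: it flags hosts where many files gain that extension within a short window. The event tuple format, the threshold and the window length are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-creation/rename events: (host, ISO timestamp, new path).
# Not real telemetry; the hostnames and paths are made up for illustration.
SAMPLE_EVENTS = [
    ("ws-014", f"2022-07-14T09:30:{s:02d}",
     f"C:\\Users\\a\\Documents\\report{s}.docx.LILITH")
    for s in range(0, 12, 2)          # six renames in ten seconds
] + [
    ("fs-02", "2022-07-14T09:00:00", "/srv/share/a.pdf.lilith"),
    ("fs-02", "2022-07-14T09:10:00", "/srv/share/b.pdf.lilith"),
    ("fs-02", "2022-07-14T09:10:05", "/srv/share/lilith_notes.txt"),  # name only, not the extension
]


def lilith_rename_bursts(events, threshold=5, window_seconds=60):
    """Return {host: time the burst threshold was first reached}.

    A host is flagged once `threshold` files ending in .lilith have
    appeared on it within `window_seconds` (sliding window per host).
    """
    window = timedelta(seconds=window_seconds)
    parsed = sorted(
        (datetime.fromisoformat(ts), host, path) for host, ts, path in events
    )
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    alerts = {}
    for when, host, path in parsed:
        # Case-insensitive match: Windows file systems do not preserve intent here.
        if not path.lower().endswith(".lilith"):
            continue
        seen = recent[host]
        seen.append(when)
        while when - seen[0] > window:   # drop events older than the window
            seen.popleft()
        if len(seen) >= threshold and host not in alerts:
            alerts[host] = when
    return alerts


if __name__ == "__main__":
    for host, when in lilith_rename_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: burst of .lilith files reached threshold at {when.isoformat()}")
```

A single stray .lilith file is weak evidence on its own, so the threshold and window should be tuned against the normal file activity of each environment.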
Prevention
Ransomware activity is on the rise and has reached record levels, driven by older groups rebranding and the advent of new ones. Ransomware is tricky to prevent: allowing any user access to privileged levels without correct training or a secure process can enable such attacks. It is a good idea to look at the overall hardening of the network's attack surface and to take a proactive approach to training and prevention.
Cyble’s article is available here.