Source |
CSO |
Identifier |
6499917 |
Publication date |
2022-08-24 03:49:00 (viewed: 2022-08-24 11:05:37) |
Title |
New ransomware HavanaCrypt poses as Google software update |
Text |
A new strain of ransomware has been claiming victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn't seem to be dropping a traditional ransom note.

HavanaCrypt deployment
The researchers don't have a lot of information about the initial access vector because the sample they analyzed was obtained from VirusTotal, a web-based file scanning service, where it was likely uploaded by a victim. What is clear is that the metadata of the malicious executable has been modified to list the publisher as Google and the application name as Google Software Update, and that upon execution it creates a registry autorun entry called GoogleUpdate. Based on this information, one could assume that the lure used to distribute the ransomware, either via email or the web, is centered around a fake software update. |
Sent |
Yes |
Tags |
Ransomware
|