Wednesday | 15 January 2025 | Reg No- 06

Kaspersky identifies new stealthy ransomware

Published: Tuesday, 26 November, 2024 at 12:00 AM
Kaspersky's Global Emergency Response Team has identified a previously unseen ransomware strain in active use, deployed in an attack following the theft of employee credentials. 

The ransomware, dubbed "Ymir", employs advanced stealth and encryption methods. It also selectively targets files and attempts to evade detection, says a press release.

Ymir ransomware introduces advanced features that enhance its stealth and control. It relies on unique memory manipulation techniques, using the malloc, memmove, and memcmp functions to execute code directly in memory, which deviates from typical ransomware tactics and makes detection harder. Additionally, attackers can specify which directories to encrypt and exclude files on a whitelist, giving them increased control.

In an attack on a Colombian organization observed by Kaspersky experts, threat actors used RustyStealer malware to steal corporate credentials, gaining access and prolonged control that they then used to deploy the ransomware.

"If the brokers are indeed the same actors who deployed the ransomware, this could signal a new trend, creating additional hijacking options without relying on traditional Ransomware-as-a-Service (RaaS) groups," explains Cristian Souza, Incident Response Specialist at Kaspersky Global Emergency Response Team.



Editor : Iqbal Sobhan Chowdhury
Published by the Editor on behalf of the Observer Ltd. from Globe Printers, 24/A, New Eskaton Road, Ramna, Dhaka.
Editorial, News and Commercial Offices : Aziz Bhaban (2nd floor), 93, Motijheel C/A, Dhaka-1000.