On June 17, security company Kela published an article revealing a ransomware group called “Anubis”, which is active on the underground hacking forums RAMP and XSS and is widely recruiting three types of partners: teams that carry out ransomware attacks, teams that handle extortion of ransomware victims, and attackers responsible for infiltrating corporate networks and finding initial points of entry. These teams cooperate on a profit-sharing basis, forming a ransomware network with a clear division of labour.
The security company says the group recently introduced a “fight to the death” feature in its ransomware of the same name: if the ransom attempt fails, the attacker can directly trigger the corresponding function to completely wipe the files on the victim’s device. Even if the victim then chooses to pay the ransom, those files can no longer be restored. Security researchers believe the feature is designed to increase psychological pressure on victims and force them to pay.
According to the researchers, although this is not the first time a ransomware family has directly deleted victim files, Anubis is unusual in that it combines two mechanisms, data encryption and data wiping, into a single attack chain, making the attack more complex and harder to defend against.
It is reported that in actual attacks the operators usually obtain initial access to the target through phishing emails, then execute scripts through command interpreters, use token manipulation and privilege escalation techniques to evade security detection, and lurk in the system to identify key processes. They then lock the files and folders to be encrypted and finally launch the full ransomware attack.
The researchers specifically noted that when Anubis enables its wiping function, the name and extension of the affected file remain unchanged, but its content has been completely cleared and its size has become “0KB”. The file appears untouched in the directory listing, yet it cannot be recovered.
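As an added defensive example (not part of Kela’s report or this article), the following Python check compares a directory against a pre-incident size manifest and flags files that still carry their original name and extension but are now zero bytes, which is the wipe signature described above. The manifest format, the sample files and the directory tree are constructed assumptions.

```python
"""Hunt for files truncated to zero bytes in place (name and extension kept).
Added example; the baseline manifest {relative_path: size_in_bytes} is an
assumed artefact taken from a backup catalogue or file inventory before the incident."""
import tempfile
from pathlib import Path


def find_truncated_files(root, baseline):
    """Return (truncated, missing): files that were non-empty in the baseline
    but are now 0 bytes, and files that no longer exist at all. Missing files are
    reported separately so ordinary deletes or renames are not mistaken for wipes."""
    truncated, missing = [], []
    root = Path(root)
    for rel, prior_size in baseline.items():
        path = root / rel
        if not path.is_file():
            missing.append(rel)
        elif prior_size > 0 and path.stat().st_size == 0:
            truncated.append(rel)
    return sorted(truncated), sorted(missing)


def wipe_ratio(truncated, baseline):
    """Share of baseline files now zero-length. A large share spread across many
    document types points to bulk wiping rather than a few legitimately empty files."""
    return len(truncated) / len(baseline) if baseline else 0.0


def build_demo_tree():
    """Constructed sample data: four files, two of which are wiped in place."""
    root = Path(tempfile.mkdtemp())
    contents = {
        "finance/q2.xlsx": b"x" * 4096,
        "hr/contracts.docx": b"y" * 2048,
        "notes.txt": b"hello",
        "empty.log": b"",  # already empty before the incident; must not be flagged
    }
    baseline = {}
    for rel, data in contents.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        baseline[rel] = len(data)
    # Simulate the wipe: same name and extension, content cleared to 0 bytes.
    for rel in ("finance/q2.xlsx", "hr/contracts.docx"):
        (root / rel).write_bytes(b"")
    return root, baseline


if __name__ == "__main__":
    demo_root, demo_baseline = build_demo_tree()
    truncated, missing = find_truncated_files(demo_root, demo_baseline)
    print("truncated:", truncated, "missing:", missing,
          "ratio:", round(wipe_ratio(truncated, demo_baseline), 2))
```

Because the wiped files keep their names, a plain directory listing or a filename-based backup comparison will not reveal them; only a size or hash comparison against a prior inventory does.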
The evolution of such attack models not only shows the increasing maturity of hacker organizations in technology and organizational structure, but also means that traditional security protection methods are facing greater challenges.