From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call Rast ransomware.
After a long time of tracking, QiAnXin Threat Intelligence Center have captured three versions of Rast ransomware, and the versions are still iterating. rast ransomware has a very special logic: after the ransomware is completed, it will upload the machine name and unique identifier of the local machine to the remote mysql database. Through reverse analysis the research team got the mysql database account password and statistics of victims in the database, and found that in just ten months more than 6,800 terminals were controlled.
Read more…
Source: QiAnXin Threat Intelligence Center
Related:
- Maze ransomware now encrypts via virtual machines to evade detection
September 17, 2020
The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang; to encrypt a computer from within a virtual machine. In May, we previously reported that Ragnar Locker was seen encrypting files through VirtualBox Windows XP virtual machines to bypass security software on the host. The virtual machine would mount a host’s drives ...
- Mozi Botnet Accounts for Majority of IoT Traffic
September 17, 2020
The Mozi botnet, a peer-2-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers. IBM X-Force noticed Mozi’s spike within it’s telemetry, amid a huge increase in overall ...
- Apple Bug Allows Code Execution on iPhone, iPad, iPod
September 17, 2020
Apple has updated its iOS and iPadOS operating systems, which addressed a wide range of flaws in its iPhone, iPad and iPod devices. The most severe of these could allow an adversary to exploit a privilege-escalation vulnerability against any of the devices and ultimately gain arbitrary code-execution. The bugs were made public Wednesday as part of ...
- Alert issued to UK universities and colleges about spike in cyber attacks
September 17, 2020
British universities and colleges have been warned about a spike in ransomware attacks targeting the education sector by the UK’s National Cyber Security Centre (NCSC), a part of GCHQ. Academic institutions are being urged to follow NCSC guidance following a sharp increase in attacks which have left some teachers fearing they won’t be able to accept ...
- “Zerologon” and the Value of Virtual Patching
September 16, 2020
A new CVE was released recently that has made quite a few headlines – CVE-2020-1472. Zerologon, as it’s called, may allow an attacker to take advantage of the cryptographic algorithm used in the Netlogon authentication process and impersonate the identity of any computer when trying to authenticate against the domain controller. To put that more simply, ...
- Cerberus banking Trojan source code released for free to cyberattackers
September 16, 2020
The source code of the Cerberus banking Trojan has been released as free malware on underground hacking forums following a failed auction. Speaking at Kaspersky NEXT 2020 on Wednesday, Kaspersky cybersecurity researcher Dmitry Galov said that the leaked code, distributed under the name Cerberus v2, presents an increased threat for smartphone users and the banking sector ...