This week, the SonicWall Capture Labs threat research team analyzed a ransomware that not only encrypts files but also accuses the victim of harboring explicit content on their computer and then threatens to turn it over to authorities if ransom is not paid.
Extortion attacks often come as unsolicited emails, and GoZone has stooped to pretending to find explicit content on victims’ machines to extract payment. This ransomware is written in Go. It is apparent that it uses Chacha20 and RSA encryption packages as evidenced by its strings.
Read more…
Source: SonicWall Capture Labs
Related:
- PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely
May 1, 2017
Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated ...
- TalkTalk hack attack: Two men plead guilty to customer data theft
April 27, 2017
Two men have pleaded guilty to hacking into TalkTalk’s website in October 2015 and stealing thousands of customer records containing sensitive data. Matthew Hanley, 22, of Devonshire Drive, Tamworth admitted to three offences under the Computer Misuse Act. The Metropolitan Police said that he confessed to breaching TalkTalk’s site, had obtained files that would enable the ...
- FalseGuide malware victim count jumps to 2 million
April 26, 2017
An estimated 2 million Android users have now fallen victim to malware mistakenly downloaded from Google Play, which was initially reported to have affected approximately 600,000 users. The malware, dubbed FalseGuide, was hidden in more than 40 guide apps for games, the oldest of which was uploaded to Google Play as early as November last year, ...
- Fancy Bear Hackers Target French Presidential Candidate
April 25, 2017
A phishing campaign is targeting the emails of French presidential candidate Emmanuel Macron’s campaign staff. All fingers are pointing towards Russia once more. According to security firm Trend Micro who published a new report today, there are signs of a phishing attack targeting Macron, in what feels like deja-vu. The sites that are trying to trick ...
- Hard Target: Fileless Malware
April 25, 2017
The future of client-side malware attacks is fileless. And it would appear the future has arrived with a growing number of attacks using fileless or in-memory malware to pose a threat to business that’s increasingly difficult to neutralize. “There has been an unequivocal uptick in the use of fileless malware as a threat vector,” said Kevin Epstein, ...
- Fortinet Supports INTERPOL-led Cybercrime Operation across the Association of Southeast Asian Nations (ASEAN)
April 24, 2017
Fortinet has partnered with INTERPOL over the past two years to assist in identifying and thwarting cybercrime. Today, INTERPOL announced that a new operation across the ASEAN region, built around threat intelligence provided by Fortinet and other public and private sector security organizations, has resulted in the identification of nearly 9,000 Command and Control (C2) ...