REvil Ransomware Code Ripped Off by Rivals

They say imitation is the sincerest form of flattery: The LV ransomware, a strain that cropped up just this spring, turns out to be based on what is most likely pirated REvil ransomware code, according to researchers.

A malware analysis of LV from Secureworks Counter Threat Unit (CTU) found that its operators (which CTU calls Gold Northfield) replaced the configuration of a REvil v2.03 beta version, essentially copying and repurposing the REvil binary for their own ransomware. This indicates a likely reverse-engineering job, researchers said.

“The code structure and functionality of the LV ransomware sample analyzed by CTU researchers are identical to REvil,” researchers said in a Tuesday blog post.

Source: ThreatPost