A ransomware with the un-snappy moniker of “5ss5c” has emerged on the scene and appears to be in active development. According to independent researcher Bart Blaze, the malware is the successor to the Satan ransomware, and its authors are still experimenting with focused targeting (China, for now) and features.
Blaze said in a blog posted Tuesday that 5ss5c and Satan share many code characteristics. Satan, he noted, disappeared from the ransomware mileu a few months ago, right after adding an EternalBlue exploit to its bag of tricks. 5ss5c appears to be picking up where Satan left off.
“The group has been working on new ransomware – 5ss5c – since at least November 2019,” Blaze noted. “There are several Satan ransomware artefacts [and shared tactics, techniques and procedures (TTPs)]. One of these is, for example, the use of multiple packers to protect their droppers and payloads.”
Read more…
Source: ThreatPost