DeathRansom evolves from joke to actual ransomware

January 4, 2020
in Internet Security

[Image: The latest encryption scheme used by the DeathRansom ransomware. Image: Fortinet]

A ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme, cyber-security firm Fortinet reported today.

Making matters worse, the ransomware has been backed by a solid distribution campaign and has been claiming new victims daily for the past two months.

First DeathRansom versions didn’t encrypt anything

The first DeathRansom infections were reported in November 2019. Initial versions of this ransomware were deemed a joke: at the time, DeathRansom merely mimicked ransomware without encrypting any of a user’s files.

These first versions would append a second file extension to all of a user’s files and drop a ransom note on the user’s computer asking for money.

All of this was done in an attempt to trick a victim into paying a ransom demand, without the user realizing that their files weren’t actually encrypted.

As was reported at the time [1, 2], all a user had to do to regain access to their files was to remove the second extension from any file.
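As an added example (not from the article or from Fortinet’s report), a small triage helper that tells a renamed-only file, the behaviour of the early DeathRansom builds described above, apart from one whose contents were really overwritten: it checks whether the bytes still carry the magic signature of the inner extension and measures byte entropy. The `.locked` extension, the signature table and the sample bytes are constructed for the example.

```python
import math
import os

# Magic-byte signatures for a few common file types (constructed table for
# this example; extend as needed).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "docx": b"PK\x03\x04",
    "jpg": b"\xff\xd8\xff",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, lower for plain files."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(filename: str, data: bytes) -> dict:
    """Decide whether a double-extension file was only renamed or really encrypted."""
    stem, _appended = os.path.splitext(filename)      # "report.pdf", ".locked"
    _inner_name, inner_ext = os.path.splitext(stem)   # "report", ".pdf"
    inner_ext = inner_ext.lstrip(".").lower()
    sig = MAGIC.get(inner_ext)
    header_ok = sig is not None and data.startswith(sig)
    entropy = shannon_entropy(data[:4096])            # first block is enough
    if header_ok:
        verdict = "renamed_only"       # content intact: strip the appended extension
    elif entropy > 7.5:
        verdict = "likely_encrypted"   # no recognisable header and near-random bytes
    else:
        verdict = "unknown"            # no signature to compare; inspect manually
    return {"file": filename, "restore_as": stem,
            "verdict": verdict, "entropy": round(entropy, 2)}
```

Run `triage` over a sample of the renamed files before paying or restoring from backup; a `renamed_only` verdict means the original content is still there under the extra extension.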

New version released with a solid encryption scheme

However, work on the DeathRansom code continued, and newer versions are now working as actual ransomware.

According to Fortinet, the new DeathRansom strains use a complex combination of “Curve25519 algorithm for the Elliptic Curve Diffie-Hellman (ECDH) key exchange scheme, Salsa20, RSA-2048, AES-256 ECB, and a simple block XOR algorithm to encrypt files.” [see image above]

While security researchers are still looking at DeathRansom’s encryption scheme for implementation faults, the ransomware appears to be using a solid encryption scheme.

Fortinet tracks down the DeathRansom author

But Fortinet’s investigation into DeathRansom didn’t limit itself to analyzing this new malware’s source code. Researchers also went looking for clues about the ransomware’s author.

By extracting strings from the DeathRansom source code and from the websites distributing the ransomware payloads, Fortinet’s researchers linked DeathRansom to a malware operator responsible for a wide range of cybercrime campaigns going back years.

Fortinet said that prior to creating and distributing DeathRansom, this malware operator had spent his time infecting users with multiple password stealers (Vidar, Azorult, Evrial, 1ms0rryStealer) and cryptocurrency miners (SupremeMiner).

The DeathRansom author appears to have spent years infecting users with malware, extracting usernames and passwords from their browsers, and selling the stolen credentials online, according to various ads Fortinet found on underground hacking forums.

These past malware campaigns left a considerable trail of clues that Fortinet analysts collected. These included the scat01 and SoftEgorka nicknames, the vitasa01[@]yandex.ru email address, a Russian phone number, and the gameshack[.]ru website (which appears to have been owned and operated by the DeathRansom author rather than being a hacked site).

Using these indicators, researchers found profiles on Yandex.Market, YouTube, Skype, VK, Instagram, and Facebook. All of these linked back to a young Russian named Egor Nedugov, living in Aksay, a small Russian town near Rostov-on-Don.

Past posts on hacking forums reveal that Nedugov, acting under the Scat01 username, had posted reviews for malware strains he was using at the time, and which Fortinet later tracked down and documented in their report — such as Vidar, Evrial, and SupremeMiner.

[Image: DeathRansom forum posts. Image: Fortinet]

In an expansive two-part report published today, Fortinet lists all of Nedugov’s online accounts and the obvious mesh of connections between them.

Fortinet said it is very confident it found the right man behind DeathRansom, and that it found even more online profiles from the same actor which it didn’t include in the report.

Furthermore, the DeathRansom author also appears to have broken one of the unwritten rules of the underground cybercrime scene by “phishing and scamming of his forum mates.”

“That is why nearly all his accounts on underground forums were eventually banned,” Fortinet said.

Currently, DeathRansom is being distributed via phishing email campaigns. The Fortinet report contains indicators of compromise that companies can load into their security products to prevent corporate systems from getting infected. Fortinet also said it is still analyzing the ransomware’s encryption scheme for any possible faults, which it hopes to use to create a free decrypter to help past victims.

Credit: Zdnet
