Following in the footsteps of WannaCry: a new version of the Yashma ransomware has risen up for new cyber attacks

Carding

A campaign with some distinctive features that otherwise follows the standard ransomware playbook.

Cisco Talos discovered a new strain of ransomware that was used to attack organizations in China, Vietnam, Bulgaria, and a number of English-speaking countries. Researchers believe the threat actor is based in Vietnam and has been conducting attacks since June 4.

The malware is a variant of the Yashma ransomware, which became inactive after the decryptor was released last year.

The hacker's origin is suggested by the name of his GitHub account and the contact email in the ransom note, both of which mimic the name of a Vietnamese organization. The ransom note resembles the one used by WannaCry in 2017. Versions of the note are available in English, Bulgarian, Vietnamese, and Chinese.

The ransom amount is doubled if the victim does not pay within three days. However, the ransom amount itself is not specified, and the bitcoin wallet listed in the note holds no funds. This may indicate that the campaign is still in its early stages.

Ransom Note

Cisco Talos points out that Yashma is a renamed version of the Chaos ransomware that first appeared in May 2022. The main difference is that the new version downloads the ransom note from the cybercriminal's GitHub repository at run time rather than carrying it in the binary, which helps it evade detection systems.
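Because the note is fetched from GitHub instead of being embedded, string signatures on the note text do not fire on the sample itself. One defensive angle is to correlate the behaviour instead: a process that contacts a GitHub content host and then rewrites many user files within a short window. The Python below is an added illustration of that correlation, not code from the post or from Cisco Talos; the event format, the list of content hosts, the file paths and the thresholds are all constructed assumptions, and the sample telemetry is made up for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hosts a Yashma-style sample could pull its note from at run time
# (hypothetical list; the page only says "the cybercriminal's GitHub repository").
CONTENT_HOSTS = {"raw.githubusercontent.com", "gist.githubusercontent.com", "github.com"}

SUSPECT_IMAGE = r"C:\Users\alice\AppData\Local\Temp\update.exe"   # constructed path


def _ts(s):
    return datetime.fromisoformat(s)


def build_sample_events():
    """Constructed Sysmon-like telemetry for the demo (not real data)."""
    ev = [
        # A browser legitimately fetching from GitHub: network event, no mass file writes.
        {"ts": "2023-06-04T08:59:00", "type": "net", "pid": 1001,
         "image": r"C:\Program Files\Browser\browser.exe",
         "dst_host": "raw.githubusercontent.com"},
        # Suspect process: reaches out to GitHub first, then rewrites many user files.
        {"ts": "2023-06-04T09:00:01", "type": "net", "pid": 4242,
         "image": SUSPECT_IMAGE, "dst_host": "raw.githubusercontent.com"},
    ]
    base = _ts("2023-06-04T09:00:05")
    for i in range(30):
        ev.append({"ts": (base + timedelta(seconds=i)).isoformat(), "type": "file",
                   "pid": 4242, "image": SUSPECT_IMAGE,
                   "path": rf"C:\Users\alice\Documents\doc{i}.docx.locked"})
    return ev


def detect_fetch_then_mass_write(events, window=timedelta(minutes=5), min_writes=20):
    """Return one alert per process that contacted a content host and then
    created or modified at least `min_writes` files within `window` of that fetch.
    Thresholds are illustrative; tune them against your own baseline."""
    fetch_time = {}                 # pid -> timestamp of first content-host contact
    writes = defaultdict(list)      # pid -> paths written inside the window
    image = {}                      # pid -> last seen process image
    for e in sorted(events, key=lambda e: e["ts"]):
        pid, t = e["pid"], _ts(e["ts"])
        image[pid] = e["image"]
        if e["type"] == "net" and e["dst_host"] in CONTENT_HOSTS:
            fetch_time.setdefault(pid, t)
        elif (e["type"] == "file" and pid in fetch_time
              and fetch_time[pid] <= t <= fetch_time[pid] + window):
            writes[pid].append(e["path"])
    alerts = []
    for pid, paths in writes.items():
        if len(paths) >= min_writes:
            alerts.append({"pid": pid, "image": image[pid],
                           "fetched_at": fetch_time[pid].isoformat(),
                           "files_written": len(paths)})
    return alerts


if __name__ == "__main__":
    for a in detect_fetch_then_mass_write(build_sample_events()):
        print(f"ALERT pid={a['pid']} image={a['image']} "
              f"fetch={a['fetched_at']} files_written={a['files_written']}")
```

The browser process in the sample never trips the rule because the fetch alone is not the signal; it is the fetch followed by bulk file modification from the same process. In a real deployment the same correlation would be expressed in your SIEM's query language over process network and file-create events, and the GitHub host list is only a starting point, since the attacker can move the note to any other content host.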