
Ymir: ransomware with malware


Ymir allows attackers to use many different methods, including adding selected files to a whitelist.

According to the Kaspersky Rapid Response Team, the Ymir ransomware brings together special technical features and tactics that increase its effectiveness. A combination of memory management functions (malloc, memmove and memcmp) is used to run the malicious code directly in memory. This approach differs from typical ransomware and improves obfuscation. With the `--path` command-line option, attackers can also specify exactly which directory the ransomware searches for files. Files on the whitelist are skipped and left unencrypted, which gives the attackers targeted control over the encryption.

Via Initial Access

The ransomware attack involved an information stealer: in an attack observed by Kaspersky, RustyStealer was used to compromise confidential access credentials. For the ransomware installation, the attackers gained access to the company's systems and kept control of them for a long time. In this type of attack, the attackers act as initial access brokers and establish themselves in the system for the long term. Normally, initial access brokers sell this access to other cybercriminals on the dark web; in this case, the attackers' own plan was put into action and the ransomware was delivered directly via email.

The ransomware uses ChaCha20, a modern stream cipher that compares favourably with the Advanced Encryption Standard (AES) in terms of safety and security.

Unknown: we have a clue to the existence of the ransomware

“Installing ransomware as an initial access broker can start new trends with the traditional Ransomware-as-a-Service (RaaS) setup,” said Cristian Souza of Kaspersky. “There is a new ransomware group in the underground market. Information was leaked, and so attackers went to shadow forums or portals as part of those affected, damn it, there were losses. With Ymir, this was never the case. Nothing is known; there is a clue to the existence of the ransomware.”