BlackMatter & Haron Targeting Firms with Revenue of $100 Million and More

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Cybersecurity researchers from South Korean security firm S2W Labs have unearthed two new ransomware groups. A sample of the first group of malware, which identifies itself as ‘Haron’, was first submitted to VirusTotal on July 19.

According to S2W Lab, the layout, organization, and tactics used by Haron are almost identical to those for Avaddon, the ransomware group that went dark in June after sending a master decryption key to BleepingComputer that victims could use to recover their data.

Both groups are targeting high-profile organizations in order to maximize their profits. Haron also runs a “leak site” where it threatens to publish data stolen from companies who refuse to pay for decrypting their files. According to S2W Lab, the engine driving Haron ransomware is Thanos, a separate piece of ransomware that has been around since at least 2019.

Haron was developed using a recently published Thanos builder for the C# programming language. Avaddon, on the other hand, was written in C++. Jim Walter, a senior threat researcher at security firm SentinelOne, said in a text message that he spotted what appear to be similarities with Av

[…]