Resecurity which is known for its cybersecurity services including risk management, endpoint protection, and threat intelligence for large enterprises and government agencies worldwide has discovered a new ransomware family in its study tracked as “Nevada Ransomware”.
The threat actors who are responsible for this new malware have an affiliate platform that was first introduced on the RAMP underground community known for initial access brokers (IABs) and other malicious actors and ransomware groups.
Recently, on 1st February, the threat actors behind this campaign updated and significantly advanced the functionality of the locker for Windows and Linux/ESXi. Along with this, the group also distributed new builds for their affiliate platforms, and the malware intelligence team studied these new developments in its report.
Nevada Ransomware is written in the Rust language, which is similar to Hive Ransomware. The locker can be executed via a console with pre-defined flags including encrypting selected files and directories, deleting shadow copies, self-mode encryption, self-deleting, loading hidden drives, and finding and encrypting network shares.
Furthermore, the threat actors possess the ability to escalate their attack beyond the initial point of compromise by performing post-exploitation actions for maximum damage. As per the data from the researcher
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: