
Adaptive RedAlert, Monster ransomwares go cross-platform

Dmitry Nikolaev –

Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomware to target different operating systems simultaneously

Alex Scroxton


Published: 25 Aug 2022 12:30

The developers of two newly emergent ransomware families, RedAlert and Monster, are employing novel ways to spread their attacks as widely as possible by targeting multiple operating systems (OSes) simultaneously, according to research shared by cyber giant Kaspersky.

The use of multi-platform ransomware is nothing new, however. Indeed, Kaspersky said it has been witnessing its prolific use this year.

The aim of such ransomware is to be able to damage as many systems as possible by adapting its code to multiple OSes simultaneously.

However, whereas other cross-platform ransomware families, such as Luna or BlackCat, use multi-platform languages such as Rust or Go/Golang, RedAlert and Monster are not written in a cross-platform language but retain the ability to target various OSes simultaneously.

“We’ve got quite used to the ransomware groups deploying malware written in cross-platform language,” said Jornt van der Wiel, a senior security researcher on Kaspersky’s Global Research and Analysis Team (GReAT). “However, nowadays, cyber criminals learned to regulate their malicious code written in plain programming languages for joint attacks, making security specialists elaborate on methods to detect and stop the ransomware attempts.”

RedAlert, which is also known as N13V, is written in plain C, or at least the Linux-targeting version Kaspersky dissected was, and explicitly targets both Windows and Linux-based VMware ESXi servers. It includes command-line options that let its operators find and shut down any running virtual machines (VMs) before encrypting files associated with ESXi VMs.

Its dark web site offers a decryptor for download that the group claims is available for several platforms, although Kaspersky has not been able to verify whether the decryptor is written in a cross-platform language. RedAlert otherwise uses fairly standard double extortion tactics.

An additional noteworthy, albeit unrelated, point is that RedAlert only accepts ransom payments in the Monero cryptocurrency, which is not accepted in every country or by every exchange, making payments harder for the victim.

“Because the group is relatively young, we couldn’t learn a lot concerning the victimology, but RedAlert stands out as an interesting example of a group that was able to adjust their code written in C to different platforms,” the researchers said.

The Monster ransomware, first detected in July 2022 by Kaspersky’s Darknet monitoring system, is written in the general-purpose Delphi language, which supports different systems. However, this group stands out because it includes a graphical user interface (GUI), a feature that no other known ransomware crew has ever implemented before.

Kaspersky admitted this feature was something of a puzzle to them. “This latter property is particularly peculiar, as we do not remember seeing this before,” it said. “There are reasons for this, because why would one go through the effort of implementing this when most ransomware attacks are executed using the command line in an automated way during a targeted attack?”

The ransomware authors must have realised this as well, since they included the GUI as an optional command-line parameter.

More information on both of these ransomware families, including various screenshots, as well as additional intelligence on the vulnerabilities used in their attacks, is available from Kaspersky.
