- Researchers spotted a brand new Ymir ransomware
- This new strain teamed up with a group deploying infostealers
- There is a chance that the entire operation was done by a single actor
Two hacking groups have been recently observed working together to infect a victim – one to establish initial persistence and steal information, and one to encrypt the systems and demand a ransomware payment.
Researchers from Kaspersky recently investigated one such incident in Colombia, where the unnamed company first got infected by RustyStealer, an infostealing malware capable of grabbing login credentials, sensitive files, and more.
This part of the attack was likely conducted by one set of criminals who, once their part was done, handed the access over to a second group.
Single actor?
The second group first made sure its encryptor doesn’t trigger any antivirus or antimalware alarms. To that end, they installed different tools, such as Process Hacker and AdvancedIP Scanner. “Eventually, after reducing system security, the adversary ran Ymir to achieve their goals,” the researchers conclude.
Ymir is the name of both the encryptor and the threat actor behind it, and is also a relatively new entrant in the ransomware space. The malware is quite unique, too, in that it operates entirely from memory, taking advantage of different functions such as ‘malloc’, ‘memove’, and ‘memcmp’ to prevent being detected.
While teamwork is not a foreign word in the world of cybercrime, there is also a slight possibility that this entire operation was done by a single actor. In that case, it would mark an entirely different approach to ransomware attacks, and possibly a notable shift in how…
Read full post on Tech Radar
Discover more from Technical Master - Gadgets Reviews, Guides and Gaming News
Subscribe to get the latest posts sent to your email.