FortiGuard Labs is aware that a new ransomware called “Sugar” is in the wild. Reportedly, Sugar ransomware targets consumers rather than enterprises. The first sample of Sugar ransomware appears to have been discovered in the wild in early November. Sugar ransomware encrypts files on the compromised machine and appends “.emcoded01” file extension to them. Victims are asked to pay ransom to recover the encrypted files.What is Sugar Ransomware?Sugar is a ransomware that is written in Delphi and appeared in the wild in November 2021 at the latest. Once run, Sugar ransomware encrypts files on the compromised machine and appends “.encoded01” file extension to them. The malware then displays a ransom note that asks the victim to visit the attacker’s TOR page to pay the ransom in order to recover the encrypted files. The attacker offers to decrypt up to five files to prove that the encrypted files can be recovered upon ransom is paid.The ransom note displayed by Sugar ransomware looks similar to that of REvil ransomware. Also, the TOR site used by Sugar ransomware has close resemblance with that of Cl0p ransomware. However, there is no evidence to suggest that the Sugar ransomware group is associated with REvil and Cl0p threat actors.How Widespread is Sugar Ransomware?Based on the telemetry data collected by FortiGuard Labs, Sugar ransomware infections likely occurred in Canada, Thailand, the United States, Israel and Lithuania.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against Sugar ransomware:W32/Filecoder.OJD!tr.ransomW32/PossibleThreat
More Stories
trafficserver-9.2.5-1.el8
FEDORA-EPEL-2024-d40458db4b Packages in this update: trafficserver-9.2.5-1.el8 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
trafficserver-9.2.5-1.fc40
FEDORA-2024-77fe791124 Packages in this update: trafficserver-9.2.5-1.fc40 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
trafficserver-9.2.5-1.el9
FEDORA-EPEL-2024-504d1abdb5 Packages in this update: trafficserver-9.2.5-1.el9 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
trafficserver-9.2.5-1.fc39
FEDORA-2024-2243c5abee Packages in this update: trafficserver-9.2.5-1.fc39 Update description: Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 Read More
python-setuptools-69.0.3-4.fc40
FEDORA-2024-247e9ba33a Packages in this update: python-setuptools-69.0.3-4.fc40 Update description: Security fix for CVE-2024-6345. Read More
python-setuptools-67.7.2-8.fc39
FEDORA-2024-9ed182a5d3 Packages in this update: python-setuptools-67.7.2-8.fc39 Update description: Security fix for CVE-2024-6345. Read More