FortiGuard Labs is aware that a new ransomware called “Sugar” is in the wild. Reportedly, Sugar ransomware targets consumers rather than enterprises. The first sample of Sugar ransomware appears to have been discovered in the wild in early November. Sugar ransomware encrypts files on the compromised machine and appends “.emcoded01” file extension to them. Victims are asked to pay ransom to recover the encrypted files.What is Sugar Ransomware?Sugar is a ransomware that is written in Delphi and appeared in the wild in November 2021 at the latest. Once run, Sugar ransomware encrypts files on the compromised machine and appends “.encoded01” file extension to them. The malware then displays a ransom note that asks the victim to visit the attacker’s TOR page to pay the ransom in order to recover the encrypted files. The attacker offers to decrypt up to five files to prove that the encrypted files can be recovered upon ransom is paid.The ransom note displayed by Sugar ransomware looks similar to that of REvil ransomware. Also, the TOR site used by Sugar ransomware has close resemblance with that of Cl0p ransomware. However, there is no evidence to suggest that the Sugar ransomware group is associated with REvil and Cl0p threat actors.How Widespread is Sugar Ransomware?Based on the telemetry data collected by FortiGuard Labs, Sugar ransomware infections likely occurred in Canada, Thailand, the United States, Israel and Lithuania.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against Sugar ransomware:W32/Filecoder.OJD!tr.ransomW32/PossibleThreat
More Stories
Akira Ransomware Attack
What is the Akira Ransomware Attack? The Akira ransomware attack has actively and widely impacting businesses. According to CISA advisory,...
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
FEDORA-2024-d652859efb Packages in this update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38 Update description: Update golang-gvisor to 20240408.0 Read More
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
FEDORA-2024-9cc0e0c63e Packages in this update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39 Update description: Update golang-gvisor to 20240408.0 Read More
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
FEDORA-2024-80e062d21a Packages in this update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40 Update description: Update golang-gvisor to 20240408.0 Read More
python-reportlab-4.2.0-1.fc39
FEDORA-2024-6ec4e78241 Packages in this update: python-reportlab-4.2.0-1.fc39 Update description: Release 4.2.0 Read More
python-reportlab-4.2.0-1.fc40
FEDORA-2024-dc844d0669 Packages in this update: python-reportlab-4.2.0-1.fc40 Update description: Release 4.2.0 Read More