FortiGuard Labs is aware that a new ransomware called “Sugar” is in the wild. Reportedly, Sugar ransomware targets consumers rather than enterprises. The first sample of Sugar ransomware appears to have been discovered in the wild in early November. Sugar ransomware encrypts files on the compromised machine and appends “.emcoded01” file extension to them. Victims are asked to pay ransom to recover the encrypted files.What is Sugar Ransomware?Sugar is a ransomware that is written in Delphi and appeared in the wild in November 2021 at the latest. Once run, Sugar ransomware encrypts files on the compromised machine and appends “.encoded01” file extension to them. The malware then displays a ransom note that asks the victim to visit the attacker’s TOR page to pay the ransom in order to recover the encrypted files. The attacker offers to decrypt up to five files to prove that the encrypted files can be recovered upon ransom is paid.The ransom note displayed by Sugar ransomware looks similar to that of REvil ransomware. Also, the TOR site used by Sugar ransomware has close resemblance with that of Cl0p ransomware. However, there is no evidence to suggest that the Sugar ransomware group is associated with REvil and Cl0p threat actors.How Widespread is Sugar Ransomware?Based on the telemetry data collected by FortiGuard Labs, Sugar ransomware infections likely occurred in Canada, Thailand, the United States, Israel and Lithuania.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against Sugar ransomware:W32/Filecoder.OJD!tr.ransomW32/PossibleThreat
More Stories
USN-5965-1: TigerVNC vulnerability
It was discovered that TigerVNC mishandled TLS certificate exceptions. An attacker could use this vulnerability to impersonate any server after...
CVE-2012-10009
A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function...
AndroxGh0st Malware Actively Used in the Wild
FortiGuard Labs is aware that AndroxGh0st malware is actively used in the field to primarily target .env files that contain...
#StopRansomware: LockBit 3.0 (AA23-075A)
On March 16th, 2023, CISA, FBI and MS-ISAC released a joint advisory on LockBit 3.0 ransomware as part of #StopRansomware...
stellarium-1.2-9.fc37
FEDORA-2023-2cf272ad72 Packages in this update: stellarium-1.2-9.fc37 Update description: Patches for CVE-2023-28371 Read More
stellarium-1.2-9.fc36
FEDORA-2023-b7e90bc682 Packages in this update: stellarium-1.2-9.fc36 Update description: Patches for CVE-2023-28371 Read More