A new strain of ransomware has been claiming victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn’t seem to drop a traditional ransom note.
HavanaCrypt deployment
The researchers don’t have much information about the initial access vector, because the sample they analyzed was obtained from VirusTotal, a web-based file scanning service, where it was likely uploaded by a victim. What is clear is that the metadata of the malicious executable has been modified to list the publisher as Google and the application name as Google Software Update, and that, upon execution, it creates a registry autorun entry called GoogleUpdate. Based on this information, one could assume that the lure used to distribute the ransomware, whether via email or the web, is centered around a fake software update.
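The two observable traits described above, forged Google branding in the file metadata and a Run-key entry named GoogleUpdate, are cheap to check for on a fleet. The following is an added illustration written for this article, not code from Cybereason or from the HavanaCrypt analysis: it triages a set of autorun entries and flags any that claim Google branding without also sitting in Google's own install directory and carrying a verified Google signature. The sample entries are constructed, the expected install directories are an assumption about a standard Google Update installation, and the `signer` field stands in for the subject of an Authenticode signature that a real collector would have already verified.

```python
"""Triage autorun entries for Google branding that the binary cannot back up.

Added example, not from the article or from Cybereason. The entries below are
constructed; a real collector would read them from the HKCU/HKLM Run keys and
fill in version-resource and signature data from the referenced executable.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class AutorunEntry:
    name: str               # value name under the Run key, e.g. "GoogleUpdate"
    image_path: str         # executable the entry launches
    publisher: str          # CompanyName from the file's version resource
    signer: Optional[str]   # subject of a *verified* Authenticode signature, or None


# Assumption: the genuine updater lives beneath Google's own install directory.
LEGIT_GOOGLE_DIRS = (
    r"c:\program files (x86)\google\\"[:-1],
    r"c:\program files\google\\"[:-1],
)


def claims_google(entry: AutorunEntry) -> bool:
    """True when the entry name or the version-resource publisher mentions Google."""
    return "google" in entry.name.lower() or "google" in entry.publisher.lower()


def is_suspicious(entry: AutorunEntry) -> bool:
    """Flag Google-branded entries whose location or signature does not match.

    Branding in metadata is free to forge; a verified signature and an expected
    install location are not. Either one missing is enough to flag the entry.
    """
    if not claims_google(entry):
        return False
    path = entry.image_path.lower().strip('"')
    in_google_dir = path.startswith(LEGIT_GOOGLE_DIRS)
    signed_by_google = entry.signer is not None and "google" in entry.signer.lower()
    return not (in_google_dir and signed_by_google)


def triage(entries: List[AutorunEntry]) -> List[str]:
    """Return the names of entries that deserve analyst attention."""
    return [e.name for e in entries if is_suspicious(e)]


# Constructed sample data: one genuine-looking updater, one impostor living in a
# user profile with no signature, and one unrelated entry that must not be flagged.
GENUINE = AutorunEntry(
    name="Google Update",
    image_path=r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    publisher="Google LLC",
    signer="Google LLC",
)
IMPOSTOR = AutorunEntry(
    name="GoogleUpdate",
    image_path=r"C:\Users\alice\AppData\Roaming\GoogleUpdate.exe",  # constructed path
    publisher="Google",
    signer=None,
)
UNRELATED = AutorunEntry(
    name="OneDrive",
    image_path=r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    publisher="Microsoft Corporation",
    signer="Microsoft Corporation",
)
SAMPLE_ENTRIES = [GENUINE, IMPOSTOR, UNRELATED]


if __name__ == "__main__":
    for name in triage(SAMPLE_ENTRIES):
        print("suspicious autorun entry:", name)
```

The check deliberately keys on what an attacker cannot forge cheaply: the impostor entry is flagged because it runs from a user profile and carries no verified signature, while the genuine updater and the unrelated Microsoft entry pass. Entries that merely mention Google in their name are not enough on their own, which keeps the rule from firing on legitimate installs.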