What is Underground Team Ransomware?
Underground Team is a new ransomware variant that encrypts files on compromised machines and claims to have stolen sensitive data from victims. Although the ransomware encrypts files, file extensions of the affected files stay unchanged. It also deletes Volume Shadow Copies to prevent victims from being able to recover any files that had been encrypted.
Underground Team ransomware attacker has its TOR negotiation site, where victims can have discussions with the attacker about ransom details. The URL of the TOR site is included in the ransom note “!!readme!!!.txt” along with additional information about where the attacker claims to have exfiltrated the information and the type of information. The ransom note also states that the attacker will release the stolen data unless the ransom is paid within three days. The attacker also claims to be willing to help victims improve their network security.
Why is this Significant?
This is significant because Underground Team is a new ransomware strain that can have a significant impact on businesses by encrypting files on compromised machines and potentially stealing confidential data.
What FortiGuard Coverage is Available?
FortiGuard Labs has the following AV signature in place for the known Underground Team ransomware:
W32/FileCoder.75F6!tr.ransom
More Stories
ZDI-CAN-25373: Microsoft
A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to...
DSA-5774-1 ruby-saml – security update
It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify...
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....
USN-7015-2: Python vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,...
USN-7027-1: Emacs vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands....
USN-7024-1: tgt vulnerability
It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1,...