
Yashma alert: the “abnormal” ransomware spreading rapidly

A modified, abnormally behaving version of the Yashma ransomware is spreading rapidly worldwide.

Among the most affected countries at the moment are China and Vietnam, but also a European nation, namely Bulgaria. The offensive, first identified on 4 June, appears to be the work of a group of Vietnamese hackers, as reported by Cisco Talos.

“The threat actor uses an unusual technique to deliver the ransom note,” says security researcher Chetan Raghuprasad. “Instead of embedding the ransom note strings in the binary file, it is downloaded from the attacker-controlled GitHub repository by running an embedded batch file.”

Yashma, first described by BlackBerry's research and intelligence team in May 2022, is a derivative of another ransomware strain known as Chaos.

Yashma handles ransom demands differently than other ransomware

Yashma's modus operandi, with its anomalous ransom demand, makes it very similar to another well-known piece of malware, namely WannaCry.

According to security experts, the hackers intend this similarity to muddy the waters and make it more difficult to attribute the ransomware to a specific group.

This type of cyber threat has grown strongly in recent years. Malwarebytes alone recorded almost 1,900 cases of ransomware in just the US, UK, France and Germany.

Zero-day and one-day security holes make these attacks even more effective, with a 143% increase in victims in the first quarter of 2023 compared to the same period of the previous year.

For users, the precautions to avoid ransomware remain the same: avoid suspicious websites and email attachments, and combine these precautions with the use of a reliable antivirus.
