- Check Point has observed ransomware code being reused
- Yurei ransomware has targeted a Sri Lankan food manufacturing company
- Open-source ransomware lowers the barrier to entry for criminals
A new study by Check Point Research revealed that cybercriminals share their tactics using open source ransomware models, which “allows even less qualified threat actors to launch ransomware operations”.
By observing a particular cyber attack that targeted a Sri Lankan food manufacturing company, the researchers were able to determine that the new ransomware group, Yurei, had made only very slight modifications to an existing tool, Prince-Ransomware.
The attack follows a “double ransomware” model, in which the victim’s files are encrypted and sensitive data is exfiltrated, followed by a ransom demand both to decrypt the information and to refrain from publishing the data on dark web sites or selling it to the highest bidder.
Yurei ransomware
The ransomware group, named Yurei after a Japanese ghost tale, used an existing open source ransomware project. Open source projects allow low-skilled threat actors to easily enter the ransomware space.
But by reusing the Prince-Ransomware code base, Yurei inherited all the same faults, the research says, including “the failure to remove shadow copies” and “surveillance allows partial recovery in the environments where VSS is activated”.
“Although open source malware is a threat, it also gives defenders opportunities to detect and mitigate these variations. However, Yurei has managed to manage their operation on several victims, which shows that even low effort operations can always lead to success,” concludes the study.
Barriers are lowered in terms of both skill and effort, a trend that is only aggravated by the enormous increase in the use of AI. Only 20% of ransomware is not powered by AI, and AI is used for bypassing CAPTCHAs, password cracking, code generation and even building sophisticated social engineering attacks.