A new ransomware family dubbed DarkAngels has been identified by Cyble Research Labs. Analysis of the malware uncovered similarities between DarkAngels and the Babuk ransomware.
The ransom note and the threat actors' (TAs') website are both named after specific organizations, which suggests they were created in the context of a highly targeted attack.
Static analysis shows that the malicious file is a 32-bit, GUI-based Windows binary.
By calling the SetProcessShutdownParameters() API with a shutdown level of zero, the malware makes its own process one of the last to be terminated when the system shuts down, so a shutdown interrupts the malware's activity only at the very end.
To ensure that its encryption is not interrupted, the malware attempts to terminate running services before it starts encrypting the system.
To find those services, the malware enumerates all services on the victim's machine and retrieves their names.
Using the SHEmptyRecycleBinA() API, the malware empties the Recycle Bin so that none of the previously deleted files can be restored after encryption.
The ransom note entitled “How_To_Restore_Your_Files.txt” was dropped by the malware and instructs the victims to pay the ransom to unlock their files.
As soon as the malware drops the ransom notes, it encrypts the data on the victim’s device and appends the “.crypt” extension to the files.
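The behaviours described above (a burst of service shutdowns, the dropped ransom note and the ".crypt" extension) are the kind of artifacts an incident responder looks for on a suspect host. The following triage script is an added example written for this article; it is not code from Cyble or from the malware. It assumes a simplified System-log line layout ("timestamp eventid message") in which event ID 7036 records a Service Control Manager state change, and it builds a constructed directory tree and constructed log lines so that it runs offline.

```python
"""Triage helpers for the DarkAngels indicators described in the article.
Added example, not code from Cyble or the article; the directory tree and
the log lines below are constructed for the demonstration."""
import os
import re
import tempfile
from collections import Counter
from datetime import datetime, timedelta

RANSOM_NOTE = "How_To_Restore_Your_Files.txt"   # file name from the article
ENCRYPTED_EXT = ".crypt"                         # extension from the article


def scan_tree(root):
    """Walk `root` and report ransom notes and .crypt files per directory."""
    notes, encrypted = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted[dirpath] += 1
    return {
        "notes": notes,
        "encrypted_per_dir": dict(encrypted),
        "encrypted_total": sum(encrypted.values()),
    }


def build_demo_tree():
    """Create a constructed directory tree that mimics a post-encryption host."""
    root = tempfile.mkdtemp(prefix="darkangels_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.crypt", "budget.xlsx.crypt", RANSOM_NOTE):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(root, "readme.txt"), "w").close()   # untouched file
    return root


# Constructed System-log lines (assumption: "time id message" layout,
# event ID 7036 = Service Control Manager service state change).
SAMPLE_LOG = """\
2024-03-26T10:00:01 7036 The Windows Update service entered the running state.
2024-03-26T10:15:02 7036 The SQL Server (MSSQLSERVER) service entered the stopped state.
2024-03-26T10:15:02 7036 The Volume Shadow Copy service entered the stopped state.
2024-03-26T10:15:03 7036 The MySQL service entered the stopped state.
2024-03-26T10:15:03 7036 The Veeam Backup Service service entered the stopped state.
2024-03-26T10:15:04 7036 The Windows Backup service entered the stopped state.
2024-03-26T11:30:00 7036 The Print Spooler service entered the stopped state.
"""

LINE_RE = re.compile(r"^(\S+) (\d+) The (.+?) service entered the (\w+) state\.$")


def service_stop_bursts(log_text, window_seconds=60, threshold=3):
    """Return clusters of service names that stopped within `window_seconds`
    of the cluster's first stop, keeping only clusters of >= threshold stops.
    A pre-encryption service kill shows up as one large cluster."""
    stops = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "7036" or m.group(4) != "stopped":
            continue
        stops.append((datetime.fromisoformat(m.group(1)), m.group(3)))
    stops.sort(key=lambda s: s[0])          # stable: keeps log order on ties
    window = timedelta(seconds=window_seconds)
    clusters, current = [], []
    for ts, name in stops:
        if current and ts - current[0][0] > window:
            clusters.append(current)
            current = []
        current.append((ts, name))
    if current:
        clusters.append(current)
    return [[name for _, name in c] for c in clusters if len(c) >= threshold]


if __name__ == "__main__":
    root = build_demo_tree()
    result = scan_tree(root)
    print("ransom notes:", result["notes"])
    print("encrypted files:", result["encrypted_total"], result["encrypted_per_dir"])
    for burst in service_stop_bursts(SAMPLE_LOG):
        print("service-stop burst:", burst)
```

On a real host the scan would be pointed at user and share directories and the burst detector at exported System-log lines; the window and threshold are tunable, and the isolated Print Spooler stop at 11:30 shows why a single stop event is not flagged.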
DarkAngels malware appears to have a strong correlation to the Babuk ransomware code that has long been available on the internet. In general, it is not uncommon for threat actors to use existing code, modify it, and rebrand it in order to gain a competitive edge.
Below we have listed all the recommendations provided by the security analysts: