A new ransomware threat has emerged to disrupt the business sector.
Identified as Pay2Key, the ransomware had already targeted numerous firms before it was discovered, and it remains active in the wild in recent attack waves.
The threat actors behind this ransomware seem to have stayed under the radar. However, the wave of attacks eventually drew the attention of the cybersecurity community, which detected this new malware. Pay2Key initially went undetected by most antimalware tools, even though it does not exhibit any stealth or security-evasion functionality. At the time of writing this article, VirusTotal shows that at least 34 engines can now detect this ransomware.
Further analysis of Pay2Key reveals its actual identity as Cobalt (not to be confused with Cobalt Strike), with the executable file ‘Cobalt.Client.exe’.
The ransomware enters the target network via RDP and then spreads laterally across the network via ‘psexec.exe’. The infection is very fast, encrypting the entire network within an hour. Pay2Key uses the standard AES and RSA algorithms for encryption. However, the encryption activity relies on an active internet connection to the C&C server, which supplies the RSA key.
Analysis also hints that the threat actors use Ngrok as a backdoor to maintain persistent access to the target network.
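The infection chain described above (RDP entry, psexec-driven lateral movement, an Ngrok backdoor) leaves a recognisable trail in Windows event logs. The script below is an added example, not code from the article or from the Pay2Key/Cobalt sample itself, showing how a defender might hunt for that pattern. It relies on three well-known event IDs: 4624 with logon type 10 (RemoteInteractive, i.e. RDP), 7045 (a service was installed; PsExec's default service name is PSEXESVC), and 4688 (process creation). The log lines, the simplified "timestamp host event_id key=value" format, the host names, the IP address, and the burst threshold (three or more hosts within ten minutes) are all constructed assumptions for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): one event per line in an assumed
# simplified "timestamp host event_id key=value ..." format.
SAMPLE_LOGS = """\
2020-11-09T02:10:05 FS01 4624 logon_type=10 user=svc_backup src_ip=203.0.113.7
2020-11-09T02:12:40 FS01 7045 service_name=PSEXESVC image_path=%SystemRoot%\\PSEXESVC.exe
2020-11-09T02:13:02 WS-017 7045 service_name=PSEXESVC image_path=%SystemRoot%\\PSEXESVC.exe
2020-11-09T02:13:09 WS-022 7045 service_name=PSEXESVC image_path=%SystemRoot%\\PSEXESVC.exe
2020-11-09T02:13:15 DC01 7045 service_name=PSEXESVC image_path=%SystemRoot%\\PSEXESVC.exe
2020-11-09T02:20:33 FS01 4688 image=C:\\Users\\Public\\ngrok.exe cmdline="ngrok tcp 3389"
2020-11-09T03:00:00 WS-005 7045 service_name=Spooler image_path=%SystemRoot%\\System32\\spoolsv.exe
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s*(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse one log line of the assumed format into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, event_id, rest = m.groups()
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "event_id": int(event_id), **fields}


def parse_logs(text):
    events = (parse_line(line) for line in text.splitlines() if line.strip())
    return [e for e in events if e is not None]


def rdp_logons(events):
    """Event 4624 with logon type 10 = RemoteInteractive (RDP) logon."""
    return [e for e in events
            if e["event_id"] == 4624 and e.get("logon_type") == "10"]


def psexec_bursts(events, window=timedelta(minutes=10), min_hosts=3):
    """Hosts on which the PSEXESVC service was installed as part of a burst:
    at least `min_hosts` distinct hosts within `window` (lateral movement)."""
    svc = sorted((e for e in events
                  if e["event_id"] == 7045
                  and e.get("service_name", "").upper() == "PSEXESVC"),
                 key=lambda e: e["ts"])
    flagged = set()
    for i, start in enumerate(svc):
        hosts = {e["host"] for e in svc[i:] if e["ts"] - start["ts"] <= window}
        if len(hosts) >= min_hosts:
            flagged |= hosts
    return sorted(flagged)


def ngrok_processes(events):
    """Event 4688 where the image file name contains 'ngrok' (tunnel/backdoor)."""
    hits = []
    for e in events:
        if e["event_id"] != 4688:
            continue
        basename = e.get("image", "").lower().rsplit("\\", 1)[-1]
        if "ngrok" in basename:
            hits.append(e)
    return hits


def analyze(text):
    """Run all three detections over raw log text and return the findings."""
    events = parse_logs(text)
    return {"rdp_logons": rdp_logons(events),
            "psexec_hosts": psexec_bursts(events),
            "ngrok": ngrok_processes(events)}


if __name__ == "__main__":
    for name, finding in analyze(SAMPLE_LOGS).items():
        print(name, finding)
```

On the sample data the script reports one RDP logon on FS01, a PSEXESVC burst covering four hosts, and an ngrok.exe launch on FS01, while the benign Spooler service install is ignored. In a real environment the same three signals would be fed from a SIEM rather than a string, and, because the article notes that encryption depends on the C&C connection that supplies the RSA key, an alert on this pattern is also the moment to cut outbound access for the affected hosts.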
Alongside encryption, the malware probably steals the victim’s data as well, a practice that is becoming increasingly common among ransomware gangs. The attackers also openly boast about this in the ransom note.
Read full article on https://latesthackingnews.com/2020/11/10/new-pay2key-ransomware-emerges-as-the-latest-threat-for-organizations/
#pay2key #ransomware #stealdata #mindyourdata #yokdata #blog