Specialists at Trend Micro analyzed a set of CMD-based ransomware samples, identified as YourCyanide, that appear to have advanced capabilities: stealing sensitive information, bypassing remote desktop connections, and spreading via physical drives and email alike.

Identified as YourCyanide, this new ransomware integrates documents from PasteBin, Discord and Microsoft to hide its payload before the final stage of infection, in addition to employing other obfuscation methods and exploiting variables in each compromised environment. Although the malware is still under development and some of its tasks are still not working as expected, the researchers believe that this variant could evolve into its final form soon.

While YourCyanide and its other variants don’t currently have as much of an impact as other families, it does represent an interesting upgrade to ransomware kits by bundling a worm, ransomware, and information stealer into a single mid-tier ransomware framework.

The continued use of obfuscated scripts makes it very difficult to identify YourCyanide malicious payloads, which is very favorable for threat actors. Although this is not a completely new technique, the way it is used by the operators of this malware variant makes the obfuscation process much more efficient.

Furthermore, it is very likely that the developers of this malware continually monitor reports like the one prepared by Trend Micro, collecting critical information to improve the ransomware’s performance. As mentioned above, the analyzed samples are incomplete versions of YourCyanide, so it is difficult to say with certainty how dangerous its final version will be; we must therefore keep watching how this threat evolves.

