Walmart security teams have reported the detection of a ransomware-as-a-service (RaaS) operation identified as Sugar. Experts working for the retail giant claim that Sugar is written in Delphi and appears to have many other ransomware variants.
Unlike other popular ransomware families, Sugar primarily targets individual computer administrators rather than attacking corporate networks, which doesn’t make it any less dangerous. The researchers note that this variant is characterized by its powerful activator, reusing its activation code in the malware itself.
An analysis of the ransomware revealed similarities to the ransom note used by the REvil ransomware operators, but also differences and misspellings, and similarities between the Sugar decryption page and the Cl0p decryption page.
With major ransomware operations announcing shutdowns or being frequently targeted by law enforcement, any new operation can draw the attention of the cybersecurity community, so researchers recommend keeping abreast of any new variants that may result. dangerous for all companies that handle sensitive information.
