Microsoft cybersecurity experts: The goal is to stay under the radar and establish persistence in targeted networks. The APT attacked France and Vietnam.
Cybercrime is spreading a new Ransomware-as-a-service: Exorcist. It doesn’t attack CIS countries and works without internet connection. The ransom, if it is not paid on time, triples
It has been dubbed Exorcist, and is a new ransomware on the wild. It has been discovered by the cyber security expert Leandro Velasco. The malware exploits AES 256+RSA 4096 encryption. It works with files through IOCI, and without an internet connection, and is written on C using WinAPI. Furthermore, MalwareHunterTeam reports, it checks for CIS countries in a way before any action: it checks locale. Also, in the data it sends back, there is a “hasrukeys”, which is based on GetKeyboardLayoutList values. Cybercrime is spreading it as a ransomware-as-a-service (RaaS), with partner commission 30% according 3xp0rt, and it already made some victims. Furthermore, if the ransom is not payed in a certain time, the decryptor cost will increase three times. the At the moment, however, the ways of spreading of the malicious code are not known.