Monday, January 25, 22:35

Malware scans systems to steal military data

A new malware strain recently came to light that appears to be related to the Ryuk ransomware. It scans systems for sensitive personal and military information to steal and then uploads the files to an FTP site.

Although it has many similarities to Ryuk, there is one key difference: while Ryuk only encrypts files, this new malware steals files by uploading them to a site controlled by the attackers.

What exactly is going on?

The new malware scans all the files available on the infected machine, looking for files with .doc or .xlsx extensions to steal.

While scanning, the malware ignores files and folders such as Microsoft and Intel, and also skips files with the .ryk extension. When a file with a .doc or .xlsx extension is found, the malware first validates the file by checking whether it actually contains a Word document or a worksheet.

The names of valid files are then compared against a list of keywords, which includes words such as "military", "secret" and "hidden". This shows that the malware specifically targets confidential data. It also checks for certain personal names, which are believed to come from the US Social Security Administration's list of the most popular names.
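The behaviour described above (one process reading many .doc/.xlsx files, then connecting to an FTP server) can be hunted for in endpoint telemetry. The sketch below is an added example, not code from the article or from any vendor; the event format, process names, addresses and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

DOC_EXTS = (".doc", ".xlsx")  # extensions the article says are targeted
FTP_PORT = 21                 # assumption: upload uses the default FTP control port
MIN_DOCS = 3                  # assumption: distinct documents before alerting
WINDOW = 300                  # assumption: max seconds between a read and the FTP connect

# Constructed telemetry, not from a real incident:
# (epoch_seconds, pid, process, event_type, detail)
EVENTS = [
    (1000, 412, "winword.exe", "file_read", r"C:\Users\a\Documents\report.doc"),
    (1005, 977, "rundll32.exe", "file_read", r"C:\Users\a\Documents\budget.xlsx"),
    (1006, 977, "rundll32.exe", "file_read", r"C:\Users\a\Desktop\notes.doc"),
    (1007, 977, "rundll32.exe", "file_read", r"D:\Share\roster.xlsx"),
    (1008, 977, "rundll32.exe", "file_read", r"C:\Users\a\Pictures\cat.png"),
    (1020, 977, "rundll32.exe", "net_connect", "203.0.113.10:21"),
    (1030, 640, "backup.exe", "file_read", r"D:\Share\a.doc"),
    (1031, 640, "backup.exe", "file_read", r"D:\Share\b.doc"),
    (1032, 640, "backup.exe", "file_read", r"D:\Share\c.xlsx"),
    (1033, 640, "backup.exe", "net_connect", "10.0.0.5:445"),
    (1040, 800, "ftpclient.exe", "net_connect", "198.51.100.7:21"),
]

def find_doc_exfil(events, min_docs=MIN_DOCS, window=WINDOW):
    """Return (pid, process, doc_count, dest_host) for every FTP connection made
    by a process that read at least min_docs distinct documents shortly before."""
    reads = defaultdict(dict)  # pid -> {lowercased path: time of last read}
    alerts = []
    for ts, pid, proc, kind, detail in sorted(events):
        if kind == "file_read" and detail.lower().endswith(DOC_EXTS):
            reads[pid][detail.lower()] = ts
        elif kind == "net_connect":
            host, _, port = detail.rpartition(":")
            if int(port) != FTP_PORT:
                continue  # SMB backups and similar traffic are out of scope
            recent = [p for p, t in reads[pid].items() if ts - t <= window]
            if len(recent) >= min_docs:
                alerts.append((pid, proc, len(recent), host))
    return alerts

if __name__ == "__main__":
    for pid, proc, count, host in find_doc_exfil(EVENTS):
        print(f"ALERT pid={pid} {proc}: {count} documents read, then FTP to {host}")
```

Neither signal alone raises an alert here: the backup job reads documents but never talks FTP, and the FTP client connects without having read any documents.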

Similarities to Ryuk Ransomware

As has been observed, this new malware has similarities to Ryuk ransomware, which has led to speculation that they might be related in some way.

There are code similarities between the new malware and Ryuk.

As already mentioned, the new malware skips files related to Ryuk, such as those with the .ryk extension, and also contains some references to Ryuk in its code.

However, Ryuk has no prerequisites to run, whereas the new malware requires DLL execution.

Security researchers are still searching for samples in order to analyze how the attackers infect systems and launch an attack.

While this malware appears to be related to the infamous Ryuk ransomware, it is not clear if the team behind Ryuk is responsible for this malware or if another team has accessed the code and modified it.



Absent Mia