BlackCocaine ransomware: The new malware in the threat landscape

Security researchers at Cyble recently investigated an attack that took place on 30 May 2021 against Nucleus Software, an IT company based in India that serves the banking and financial services sector. The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSE). Nucleus Software stated that it does not store customers' financial data.

Cyble researchers have discovered that the company fell victim to the BlackCocaine ransomware gang.

Like other ransomware gangs, the group behind this threat operates its own site (hxxp://blackcocaine[.]top), which was registered shortly before the gang's activity began.

Cyble notes in a related blog post: "Based on the analysis, the Cyble research team found that Nucleus Software is the first victim of the BlackCocaine ransomware gang. WHOIS domain information reveals that the BlackCocaine ransomware domain was registered on May 28, 2021."

In addition, the researchers pointed out that a file named a.BlackCocaine was recently submitted to several public sandboxes.

The ransomware enumerates the files on the system, encrypts them, and appends the extension ".BlackCocaine" to the names of the encrypted files. The researchers added that the ransomware uses AES and RSA encryption.

Once the files are encrypted, the ransomware drops ransom notes named "HOW_TO_RECOVER_FILES.BlackCocaine.txt" on the victim's device.
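The two host-based indicators above (the ".BlackCocaine" extension and the ransom-note file name) are enough for a quick scope-of-impact sweep of a suspect share. The following Python is an added example written for this article, not code from Cyble or from the secnews.gr post; it builds a small constructed directory tree that mimics a partially encrypted share and then walks it, counting encrypted files and ransom notes, listing the affected directories and tallying the original extensions of the encrypted files so an incident responder can see which document types were hit. The file names and contents in build_sample_tree() are made up for the demonstration.

```python
import os
import tempfile
from collections import Counter

# Host-based indicators named in the article.
ENCRYPTED_EXT = ".BlackCocaine"
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"


def original_extension(encrypted_name):
    """'report.docx.BlackCocaine' -> '.docx' ('' if the original had none)."""
    stem = encrypted_name[: -len(ENCRYPTED_EXT)]
    return os.path.splitext(stem)[1].lower()


def sweep(root):
    """Walk `root` and tally BlackCocaine file-system indicators.

    The ransom note is matched by exact name before the extension check so
    it is never counted as an encrypted file; everything else ending in
    .BlackCocaine is treated as encrypted.
    """
    encrypted = 0
    notes = 0
    hit_dirs = set()
    by_ext = Counter()
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)  # "." for the root itself
        for name in files:
            if name == RANSOM_NOTE:
                notes += 1
                hit_dirs.add(rel)
            elif name.endswith(ENCRYPTED_EXT):
                encrypted += 1
                hit_dirs.add(rel)
                by_ext[original_extension(name)] += 1
    return {
        "encrypted_files": encrypted,
        "ransom_notes": notes,
        "hit_dirs": sorted(hit_dirs),
        "by_original_ext": dict(by_ext),
    }


def build_sample_tree():
    """Create a throwaway tree that mimics a partially encrypted share.

    Constructed demo data; these are not artefacts from the incident.
    """
    root = tempfile.mkdtemp(prefix="blackcocaine_demo_")
    layout = {
        RANSOM_NOTE: "ransom note (placeholder text)",
        "docs/report.docx" + ENCRYPTED_EXT: "opaque ciphertext",
        "docs/budget.xlsx" + ENCRYPTED_EXT: "opaque ciphertext",
        "docs/" + RANSOM_NOTE: "ransom note (placeholder text)",
        "docs/readme.txt": "untouched plaintext",
        "pics/photo.jpg" + ENCRYPTED_EXT: "opaque ciphertext",
        "pics/notes.txt": "untouched plaintext",
    }
    for path, content in layout.items():
        full = os.path.join(root, path)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    print(sweep(demo_root))
```

Point the sweep at a mounted copy or a forensic image rather than the live host where possible, and treat the counts as a lower bound: the extension check only finds files the ransomware finished renaming.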

BlackCocaine ransomware is written in Go and was built with the MinGW toolchain. The payload is a UPX-packed 64-bit Windows executable. It was compiled on May 29, 2021 and employs a number of anti-VM and anti-debugging techniques.
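The facts reported about the payload (64-bit Windows PE, UPX-packed, built on 29 May 2021) are exactly the ones a first-pass static triage pulls from the PE headers. As an added example that is not part of the article or of Cyble's analysis, the Python below constructs a minimal header-only PE32+ image with UPX-style section names and a chosen timestamp, then parses the COFF header and section table to recover the architecture, the build timestamp and a packing heuristic. The sample bytes are built in code for the demonstration; the real sample is not reproduced here, and the time of day in SAMPLE_TIMESTAMP is an arbitrary placeholder.

```python
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
COFF_HEADER_FMT = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp, ... (20 bytes)
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # Name first; 40 bytes in total


def triage_pe(data):
    """Read the COFF header and section table of a PE image.

    Returns the architecture, the build timestamp and whether any section
    carries a UPX-style name. The timestamp is attacker-controlled and section
    names are trivially renamed, so both are hints, not proof.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, data, coff)
    magic = struct.unpack_from("<H", data, coff + 20)[0] if opt_size >= 2 else 0
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        raw_name = struct.unpack_from(SECTION_HEADER_FMT, data, table + 40 * i)[0]
        sections.append(raw_name.split(b"\0", 1)[0].decode("ascii", "replace"))
    return {
        "is_64bit": machine == IMAGE_FILE_MACHINE_AMD64 and magic == PE32PLUS_MAGIC,
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "sections": sections,
        "upx_packed": any(name.startswith("UPX") for name in sections),
    }


def build_sample_pe(timestamp, section_names, machine=IMAGE_FILE_MACHINE_AMD64, magic=PE32PLUS_MAGIC):
    """Construct a header-only PE image for demonstration (not a real sample).

    Only the fields triage_pe() reads are populated: the optional header is
    zero apart from its Magic, and the sections carry no raw data.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if magic == PE32PLUS_MAGIC else 224
    coff = struct.pack(COFF_HEADER_FMT, machine, len(section_names), timestamp, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    table = b"".join(
        struct.pack(SECTION_HEADER_FMT, name.encode("ascii").ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for name in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Date chosen to match the build date the article reports (29 May 2021);
# the time of day is a placeholder.
SAMPLE_TIMESTAMP = int(datetime(2021, 5, 29, 12, 0, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    packed = build_sample_pe(SAMPLE_TIMESTAMP, ["UPX0", "UPX1", ".rsrc"])
    print(triage_pe(packed))
    plain = build_sample_pe(0, [".text", ".data"], machine=IMAGE_FILE_MACHINE_I386, magic=PE32_MAGIC)
    print(triage_pe(plain))
```

When the heuristic fires on a real sample, unpack it (for stock UPX, `upx -d`) before any string or import analysis, and corroborate the timestamp against the domain registration and sandbox submission dates rather than trusting it on its own.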

It should be noted, however, that the experts have not yet identified the initial infection vector used to deliver BlackCocaine.

The researchers' report states: "BlackCocaine is the latest addition to the ransomware group and seems to be one of the most sophisticated and active executable malware. This ransomware family follows the same server-side encryption model to lock user documents and request ransom."

Source of information: securityaffairs.co

Pohackontas, https://www.secnews.gr