Amateur criminals who use do-it-yourself solutions to increase their attacks are now an increasing threat for the internet users. Kaspersky’s GReAT (Global Research & Analysis Team) published a report that describes the recent ransomware attacks with the use of code.
The report sheds a light on the tools and the methods that are used by organized ransomware groups and single users. According to its findings the ransomware criminal organisations have a vast variety of tools and samples at their disposal. They often own sample ransomware, while isolated users often use DIY leaked variations to launch their attacks.
The study by Kasperksy reveals recent ransomware attacks, which take advantage of the source code leaks, by allowing the attackers to locate their victims and reproduce fast any malware activity, thus constituting them a significant threat.
Last April, the SEXi team attacked IxMetro, by using a recent ransomware variation called SEXi. This group targets ESXi apps while all the recognized victims used versions of the apps that were not supported.
SEXi uses different ransomware versions for every platform – Bakuk for Linus and Lockbit for Windows. They are, also, the only ones using this Session app for communication, with a unified ID for multiple attacks. This lack of professionalism and the absence of a TOR leak website made them stand out even more.
Continue reading
