New SamSam Ransomware Variant Requires Password from Hacker Before Execution

Researchers at Malwarebytes have found a new variant of the SamSam ransomware in which the attacker has to supply a password before the malware can execute.

“In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix,” read the blog post by Malwarebytes Labs. “These changes do not necessarily make the ransomware more dangerous, but they are added to make it just a bit more tricky to detect or track as it is constantly changing.”

According to the researchers, this variant does nothing without the password, even when the malware is already present on the system. This makes for a more “targeted” attack, as the attackers can decide which computers to execute the ransomware on.

Beyond enabling targeted attacks, it also means that only those who know the password can access the ransomware code or execute the attack, which makes the malware hard to analyze.

“As analysts, without knowing the password, we cannot analyze the ransomware code. But what’s more important to note is that we can’t even execute the ransomware on a victim or test machine. This means that only the author (or someone who has intercepted the author’s password) can run this attack,” the blog post said on the issue.

“This is a major difference from the vast majority of ransomware, or even malware, out there,” the post went on to say. “SamSam is not the type of ransomware that spreads like wildfire. In fact, this ransomware quite literally cannot spread automatically and naturally.”

SamSam has been a part of several massive cyber attacks since early 2018 and has caused severe damage worldwide. This new variant has only made it more elusive, as the code is inaccessible even to security researchers, which might be another reason for the password requirement.

The ransomware has in the past targeted hospitals, state agencies, city councils, and other enterprises, and caused huge losses when it hit the IT network of Atlanta earlier this year.

Romanian cybersecurity firm reveals all-in-one espionage tool: RadRAT

Bitdefender, a Romanian cybersecurity firm, has uncovered a powerful all-in-one toolkit for espionage operations dubbed “RadRAT,” which it became aware of in February this year. The toolkit is an advanced remote access tool that gives the attacker full control over compromised computers.

“Buried in the malware zoo, the threat seems to have been operational since at least 2015, undocumented by the research community,” the company said in a post.

RadRAT offers powerful remote access options that allow “unfettered control of the compromised computer, lateral movement across the organization and rootkit-like detection-evasion mechanisms.”

“Powered by a vast array of features, this RAT was used in targeted attacks aimed at exfiltrating information or monitoring victims in large networked organizations,” the post read.

Apart from its data exfiltration mechanisms, it also features lateral movement capabilities such as credential harvesting, NTLM hash harvesting, retrieving a Windows password, and more. Its command set currently supports 92 instructions.

These commands can be used for various malicious purposes, including file or registry operations, data theft operations, network operations, operations on processes, system information, propagation, and more.

“Unfortunately, while our information about the behavior and technical implementation of this remote access toolkit is complete, we can only guess at the original infection vector, which is most likely a spear phishing e-mail or an exploit,” the cybersecurity firm wrote in its whitepaper on the toolkit.

#OpISIS: A cyber attack against Twitter accounts related to ISIS

The Islamic State (ISIS) terrorist group is using social networking sites like Twitter to recruit people. To bring an end to this, Anonymous hacktivists and their affiliates earlier this year launched an operation called "#OpISIS" against ISIS.

The main aim of the operation is to take down all websites and, above all, social media accounts related to ISIS.

The hacktivists have been working to identify Twitter accounts linked to ISIS. In March 2015, they reportedly tracked more than 25,000 Twitter accounts. Most of the accounts have been reported and removed from Twitter. They also reportedly "destroyed" more than 100 websites.

Anonymous hackers have now leaked more than 4000 email addresses, IP addresses and logs, which are said to have been taken from online communities supporting ISIS. A few links to the dumps have been shared on the Hackers Leaks website.

Some of the email addresses listed in the dump end with a "*.gov" extension.

Hackers used Xtreme RAT malware to gain access to Israeli Defense computer

Seculert, an Israeli cyber security firm, told Reuters that hackers gained access to an Israeli Defense Ministry computer by sending a malicious email containing Xtreme RAT.

Seculert CTO Aviv Raff told Reuters that earlier this month hackers took control of around 15 computers, including a computer at Israel's Civil Administration, which monitors Palestinians in Israeli-occupied territory.

The firm declined to identify the other 14 computers targeted by the hackers. An anonymous source told Reuters that these included companies involved in supplying Israeli defense infrastructure.

The latest attack appeared to originate from US servers. However, experts noticed some similarities to previous attacks. The firm suspects the Palestinians to be behind the cyber attack.

The firm hadn't determined what the hackers did after gaining access to the systems. It believes that the hackers had access to the infected computers for several days.

Xtreme RAT is a remote access trojan that gives hackers complete control over infected systems. An attacker is able to steal any documents or execute any other malware code on the system.

The same malware has been used in several other targeted attacks, including attacks targeting the Israeli police department, Syrian anti-government activists and other governments.