Meet Rhysida, a New Ransomware Strain That Deletes Itself
Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.
Operating since last May, an emerging ransomware strain called Rhysida was deployed along with new stealer malware called Lumar for a potent new one-two punch against Brazil's popular PIX payment system users.
Researchers from Kaspersky reported Rhysida is functioning as a ransomware-as-a-service (RaaS) operation with a demonstrated ability to quickly evolve.
"It stands out for its unique self-deletion mechanism and compatibility with pre-Windows 10 versions of Microsoft. Written in C++ and compiled with MinGW and shared libraries, Rhysida showcases sophistication in its design," Kaspersky said in its findings about the group. "While relatively new, Rhysida faced initial configuration challenges with its onion server, revealing a group's rapid adaptation and learning curve."
The ransomware campaign targeting PIX has been ongoing since December 2022, the Kaspersky team noted, adding that Rhysida was deployed along with a complimentary malware-as-a-service (MaaS) infostealer called Lumar to target users of the payment system.
Lumar first emerged in July 2023, the report added, and can steal data on Telegram sessions, passwords, cookies, autofill information, desktop files, and even cryptographic wallets.
Notably, the Kaspersky team said the Lumar stealer is compact, without sacrificing functionality.
"The malware's efficient data collection is facilitated by the use of three separate threads," the report added. "The C2, hosted by the malware author as a Malware as a Service (MaaS), provides user-friendly features such as statistics and data logs. Users can download the latest version of Lumar and receive Telegram notifications for incoming data."
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024