Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks
The ransomware is rudimentary with basic functionalities, likely having been created by an inexperienced developer — but it's effective at locking up files and sucking up memory capacity.
A ransomware strain coined "ShadowRoot" has been found targeting Turkish businesses through phishing attacks.
The phishing emails contain a PDF attachment disguised as an invoice with embedded malicious links. Upon user interaction, this triggers a download of a RootDesign.exe file hosted on a compromised GitHub account.
The downloaded file is a Delphi binary and, according to researchers at Forcepoint who analyzed the exe, it drops further payloads: "C:\TheDream\RootDesign.exe," "C:\TheDream\Uninstall.exe” and “C:\TheDream\Uninstall.ini".
"We have observed recursive self-process creation by RootDesign.exe, which causes the files to get encrypted multiple times, resulting in higher memory consumption," the researchers said. "It also drops many copies of encrypted files on the root."
They add that the ransomware appears "rudimentary" and likely the work belonging to an inexperienced developer.
In addition to user awareness for defense, the researchers recommend blocking the following email addresses to prevent being targeted by the Shadowroot threat actors:
Kurumsal[.]tasilat[@]internet[.]ru
ran_master_som[@]proton[.]me
lasmuruk[@]mailfence[.]com
Read more about:
DR Global Middle East & AfricaAbout the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024