Ransomware group uses API calls to spread throughout shared network resources, researchers say.
An emerging threat group dubbed Money Ransomware has adopted the increasingly popular tactic of encrypting and exfiltrating sensitive data from organizations and threatening to leak it if the victim refuses to pay.
Cybersecurity researchers at Yoroi recently published Money Ransomware's indicators of compromise and the results of their investigation into the group's first two victims, one of which was the Bangladesh Airport, the researchers said.
Besides the group's nascent double-extortion ransomware activities, its malware abuses the Windows API function WNetAddConnection2W to establish a connection with other network assets and spread.
"This poses a significant concern for organizations, as a single infected system can rapidly result in extensive damage and data loss," Yoroi's report on Money Ransomware said. "To mitigate this risk, it is vital for organizations to adopt a proactive approach to network security. This includes regularly patching and updating software, employing firewalls and other network security tools, and educating employees on how to recognize and avoid common phishing and social engineering attacks."