Cybercriminals are constantly working on new attack techniques, such as developing new and new ransomware. Now, for example, a “malware” called Exmatter has been identified – writes the National Cyber Defense Institute citing researchers from Cyderes Special Operations and Stairwell Threat Research.
On the one hand, Exmatter allows attackers to leak predefined file types before running code that encrypts the files on the attacked system, and on the other hand, it introduces a rather “power-efficient” tactic: it corrupts the files instead of encrypting them.
In the first step, it goes through the entire directory structure of the backups mounted on the “victim’s” machine and creates a file queue (queue) based on the extensions specified by the creators. The selected files are then sequentially copied to the attacker’s server, and a class called Eraser processes them and overwrites the beginning of a randomly selected file with a segment of random size to the beginning of another file, thus corrupting it. This method ─ because it overwrites with legitimate data ─ also allows hackers to evade ransomware detection. The new data-damaging tactic detailed by the researchers could start a new, dangerous trend among ransomware groups.
Source: Napi.hu by www.napi.hu.
*The article has been translated based on the content of Napi.hu by www.napi.hu. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!