- Check Point has observed ransomware code being reused again
- Yurei ransomware has targeted a Sri Lankan food production company
- Open-source ransomware lowers the barrier to entry for criminals
A new study from Check Point Research has revealed that cybercriminals are sharing their tactics through open-source ransomware models, ‘enabling even less qualified threat players to start ransomware operations.’
By observing a particular cyberattack that targeted a Sri Lankan food production company, the researchers were able to establish that the new ransomware group, Yurei, had made only very small changes to an existing tool in the Prince-Ransomware family.
The attack follows a “double extortion” model: the victim’s files are encrypted and sensitive data is exfiltrated, followed by a ransom demand both to decrypt the information and to refrain from publishing the data on dark web sites or selling it to the highest bidder.
Yurei Ransomware
The ransomware group, named Yurei after a Japanese ghost story, built on an existing open-source ransomware project. Open-source projects allow less-skilled developers to enter the ransomware space with ease.
But by recycling Prince-Ransomware’s code base, Yurei inherited all the same shortcomings, the research says, including the failure to remove Volume Shadow Copies, which enables partial recovery in environments where VSS is activated.
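Because the shadow copies are left in place, a responder can check which snapshots predate the encryption. The PowerShell below is an added example, not code from Check Point's research; the incident timestamp and variable names are assumptions, and it needs an elevated session on the affected Windows host.

```powershell
# Added example: find Volume Shadow Copies that predate an incident.
# Run in an elevated PowerShell session on the affected Windows host.
# $IncidentTime is an assumed value; set it to the earliest known encryption time.
$IncidentTime = Get-Date '2025-09-05T03:00:00'   # constructed sample timestamp

# Map volume GUID paths (\\?\Volume{...}\) to drive letters for readable output.
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
    $volumes[$_.DeviceID] = if ($_.DriveLetter) { $_.DriveLetter } else { $_.Name }
}

$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -eq 0) {
    Write-Warning 'No shadow copies present: VSS was disabled or the snapshots were removed.'
    return
}

# One row per snapshot, flagged by whether it was taken before the incident.
$report = $shadows | ForEach-Object {
    [pscustomobject]@{
        Volume       = $volumes[$_.VolumeName]
        Created      = $_.InstallDate
        PreIncident  = $_.InstallDate -lt $IncidentTime
        DeviceObject = $_.DeviceObject   # device path of the snapshot itself
        Id           = $_.ID
    }
} | Sort-Object Volume, Created

$report | Format-Table Volume, Created, PreIncident, Id -AutoSize

# Volumes with no snapshot older than the incident cannot be recovered this way.
$volumes.Values | Where-Object {
    $v = $_
    -not ($report | Where-Object { $_.Volume -eq $v -and $_.PreIncident })
} | ForEach-Object { Write-Warning "No pre-incident snapshot for volume $_" }
```

Snapshots flagged `PreIncident` are the candidates for the partial recovery the research describes; files changed after the newest such snapshot are not covered.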
“While open-source malware is a threat, it also offers defenses to discover and mitigate these variations. However, Yurei managed to run their operation on several victims, which shows that even low-effort operations can still lead to success,” the investigation concludes.
The barriers are lowered in terms of both skill and effort, a trend only worsened by the huge increase in the use of AI. Only 20% of ransomware is not powered by AI, and it is used for CAPTCHA bypass, password cracking, code generation and even to build sophisticated social engineering attacks.



