[ALERT!] NEW RANSOMWARE STRAIN GOES EXCLUSIVELY AFTER SERVERS

Danny Palmer at ZDnet alerted on the following: “An unconventional form of ransomware is being deployed in targeted attacks against enterprise servers – and it appears to have links to some of the most notorious cyber criminal groups around.”

The previously undetected server-encrypting malware has been detailed in research by cyber security analysts at Intezer and IBM X-Force, who’ve named it PureLocker because it’s written in the PureBasic programming language.

It’s unusual for ransomware to be written in PureBasic, but it provides benefits to attackers because sometimes security vendors struggle to generate reliable detection signatures for malicious software written in this language. PureBasic is also transferable between Windows, Linux, and OS-X, meaning attackers can more easily target different platforms.

“Targeting servers means the attackers are trying to hit their victims where it really hurts, especially databases which store the most critical information of the organization,” Michael Kajiloti, security researcher at Intezer told ZDNet.

The source code of PureLocker ransomware offers clues to its exclusive nature, as it contains strings from the ‘more_eggs’ backdoor malware.  This malware is sold on the dark web by what researchers describe as a ‘veteran’ provider of malicious services.

These tools have been used by some of the most prolific cyber criminal groups operating today, including Cobalt Gang and FIN6 — and the ransomware shares code with previous campaigns by these hacking gangs. It indicates the PureLocker is designed for criminals who know what they’re doing and know how to hit a large organisation where it hurts.

To continue reading, check out KnowBe4’s full blog post here.