Apr 05 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s bursting at the seams like Brendan Fraser #TheWhale
Today’s hottest cyber security stories:
Bad news, folks: today’s is a very ransomware-heavy edition of Gone Phishing. Up first we have Money Message, which has been wreaking havoc over the last week or so, demanding money (clue’s in the name!) in exchange for sparing its victims’ files. So, basically a case of ‘pay up or lose everything’. Lovely.
For those who don’t know, ransomware attacks are when hackers (or threat actors) hack into a system and either lock users out or threaten to release sensitive information if the victim doesn’t pay the ransom.
The ransom tends to be demanded in cryptocurrency, often Monero coin or, more recently, Dero coin. Oh Dero, oh dear.
Okay, let’s get into the specifics of this latest ransomware attack which appears to be targeting large corporations. I mean, if you’re going to dedicate yourself to a life of cybercrime, why not go hog wild? “He who dares, wins”, in the enduring words of Del Boy.
The new group called Money Message was observed demanding million-dollar ransoms in exchange for a ‘decryptor’.
The devil’s in the details:
Although Money Message may not seem like a sophisticated form of malware, it is still a significant threat to companies, as it steals data and uses it to ruthlessly extort them.
Additionally, the frequent appearance of new ransomware groups underscores the increasing number of threats facing organizations.
Check yo’ self before you wreck yo’self, fool!
As a result, it is crucial to implement appropriate defences and prioritize your safety.
Whether the victims choose to pay or not, these attacks often end up costing millions 🗿🗿🗿
To our fellow nerds out there who are familiar with the graphic novel turned movie The Watchmen, you’ll know that the real Rorschach would be the one apprehending the scumbag ransomware scammers and dishing out some downright gratuitous violence in the process.
Alas, his good name has been tarnished by a new ransomware that’s his namesake. This one appeared on the scene yesterday and has already set itself apart from the ransomware riffraff.
Indeed, Check Point Research said in a new report: “What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware.
“In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.” Hats off! Wait, no. You suck, Rorschach! Not you, Rorschach – other Rorschach.
Sneaky, sneaky, Sir
“The Rorschach ransomware employs a highly effective and fast hybrid-cryptography scheme, which blends the curve25519 and eSTREAM cipher hc-128 algorithms for encryption purposes,” researchers Jiri Vinopal, Dennis Yarizadeh, and Gil Gekker explained.
This process is designed to encrypt only a specific portion of the original file content instead of the entire file, and it employs additional compiler optimization methods that make it a “speed demon.”
Speed demon, huh? Think I’d rather a Bugatti Veyron. #FreeAndrewTate lol
Oh, why do I scam this way? Hey, must be the money! Remember Ride Wit Me? Nelly? Anyone? Bueller? Geez, getting old.
So, hallelujah this one actually isn’t a ransomware. But it still sucks… Here’s an expert to tell you a little more:
“Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges,” Trustwave SpiderLabs Research said in a report.
If that wasn’t bad enough, the stealer malware can display forged dialogs to deceive users into entering a two-factor authentication code to withdraw digital assets. Scary stuff.
“The Rilide stealer is a prime example of the increasing sophistication of malicious browser extensions and the dangers they pose,” Trustwave concluded.
Sorry, folks. Hopefully we’ll have some good news for you tomorrow. One can only dream…
So long and thanks for reading all the phish!