Meet Rhysida, a New Ransomware Strain That Deletes Itself

  /     /     /  
Publicated : 23/11/2024   Category : security


Meet Rhysida, a New Ransomware Strain That Deletes Itself


Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.



Operating since last May, an emerging ransomware strain called Rhysida was deployed along with new stealer malware called Lumar for a potent new one-two punch against Brazils popular PIX payment system users.
Researchers from Kaspersky reported Rhysida is functioning as a
ransomware-as-a-service
(RaaS) operation with a demonstrated ability to quickly evolve.
It stands out for its unique self-deletion mechanism and compatibility with pre-Windows 10 versions of Microsoft. Written in C++ and compiled with MinGW and shared libraries, Rhysida showcases sophistication in its design, Kaspersky said in its findings about the group. While relatively new, Rhysida faced initial configuration challenges with its onion server, revealing a groups rapid adaptation and learning curve.
The
ransomware
campaign targeting PIX has been ongoing since December 2022, the Kaspersky team noted, adding that Rhysida was deployed along with a complimentary malware-as-a-service (MaaS) infostealer called Lumar to target users of the payment system.
Lumar first emerged in July 2023, the
report
added, and can steal data on Telegram sessions, passwords, cookies, autofill information, desktop files, and even cryptographic wallets.
Notably, the Kaspersky team said the Lumar stealer is compact, without sacrificing functionality.
The malwares efficient data collection is facilitated by the use of three separate threads, the report added. The C2, hosted by the malware author as a Malware as a Service (MaaS), provides user-friendly features such as statistics and data logs. Users can download the latest version of Lumar and receive Telegram notifications for incoming data.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Meet Rhysida, a New Ransomware Strain That Deletes Itself