Zoom Zoom: Dark Power Ransomware Extorts 10 Targets in Less Than a Month

Published: 23/11/2024   Category: security

A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.



A nascent ransomware gang has burst onto the scene with vigor, breaching at least 10 organizations in less than a month's time.
The group, which Trellix researchers have named Dark Power, is in most ways like any other ransomware group. But it separates itself from the pack due to sheer speed and lack of tact — and its use of the Nim programming language.
"We first observed them in the wild around the end of February," notes Duy Phuc Pham, one of the authors of a Thursday blog post profiling Dark Power. "So it's only been half a month, and already 10 victims are affected."
"What's odd is that there seems to be no rhyme or reason as to whom Dark Power targets," Trellix researchers said. The group has added to its body count in Algeria, the Czech Republic, Egypt, France, Israel, Peru, Turkey, and the US, across the agricultural, education, healthcare, IT, and manufacturing sectors.
One other significant way that Dark Power distinguishes itself is in its choice of programming language.
"We see that there is a trend where cybercriminals are extending to other programming languages," Pham says. The trend is fast spreading among threat actors. "So even though they're using the same kind of tactics, the malware will evade detection."
Dark Power utilizes Nim, a high-level language its creators describe as "efficient, expressive, and elegant." Nim was "a bit of an obscure language originally," the authors noted in their blog post, "but is now more prevalent with regards to malware creation. Malware creators use it since it is easy to use and it has cross-platform capabilities."
"It also makes it more difficult for the good guys to keep up. The cost of the continuous upkeep of knowledge from the defending side is higher than the attacker's required skill to learn a new language," according to Trellix.
The attacks themselves follow a well-worn ransomware playbook: social-engineering victims through email, downloading and encrypting files, demanding ransoms, and extorting victims multiple times regardless of whether they pay.
The gang also engages in classic double extortion. "Even before victims know they've been breached, Dark Power might have already collected their sensitive data," Pham explains. "And then they use it for the second ransom. This time they say that if you're not going to pay, we're going to make the information public or sell it on the Dark Web."
"As always, it's a Catch-22, though, because there is no guarantee that if you pay the ransom, there will be no consequences."
Thus, enterprises need to have policies and procedures in place to protect themselves, including the ability to detect Nim binaries.
"They can try to establish robust backup and recovery systems," says Pham. "This is, I think, the most important thing. We also suggest that organizations have a very precise, very powerful incident response plan in place before all of this can happen. With that, they can reduce the impact of the attack if it occurs."
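The article recommends that enterprises be able to detect Nim binaries but does not say how. The following is an added illustration, not Trellix's detection logic or anything from the Dark Power report: it scans a file's raw bytes for strings the Nim compiler typically leaves in a non-stripped executable (runtime entry points such as `NimMain` and references to `.nim` source files) and only flags the file when more than one independent indicator is present. The marker list is an assumption drawn from typical Nim builds and should be tuned against known-good samples; the three byte strings at the bottom are constructed test inputs, not real malware.

```python
"""Flag files that look like Nim-compiled binaries from embedded runtime strings.

Added example for this article; not Trellix's detection logic. The markers are
an assumption about what non-stripped Nim builds leave in their string table.
"""
import re
from pathlib import Path

# Assumed markers: Nim runtime symbols and the standard-library source file that
# commonly survive in the string table of a Nim-compiled executable.
NIM_MARKERS = (
    b"NimMain",
    b"NimMainInner",
    b"nimFrame",
    b"system.nim",
)

# Weaker signal: any path-like reference to a .nim source file (embedded for
# stack traces). Kept separate so it cannot trigger an alert on its own.
NIM_SOURCE_REF = re.compile(rb"[A-Za-z0-9_./-]+\.nim")


def nim_indicators(data: bytes) -> dict:
    """Return the runtime markers and .nim source references found in data."""
    markers = [m.decode() for m in NIM_MARKERS if m in data]
    refs = sorted({r.decode(errors="replace") for r in NIM_SOURCE_REF.findall(data)})
    return {"markers": markers, "nim_source_refs": refs}


def looks_like_nim(data: bytes, min_markers: int = 2) -> bool:
    """Require two runtime markers, or one marker plus a .nim source reference,
    so a single coincidental substring (e.g. 'NimMain' in a word list) does
    not produce an alert by itself."""
    ind = nim_indicators(data)
    strong = len(ind["markers"]) >= min_markers
    corroborated = len(ind["markers"]) >= 1 and bool(ind["nim_source_refs"])
    return strong or corroborated


def scan_file(path) -> bool:
    """Convenience wrapper for scanning an on-disk file."""
    return looks_like_nim(Path(path).read_bytes())


# Constructed sample inputs (not real binaries): an ELF-like blob with Nim
# runtime strings, a PE-like blob with ordinary Windows imports, and a blob
# with a single marker that should stay below the threshold.
SAMPLE_NIM_LIKE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"NimMain\x00NimMainInner\x00nimFrame\x00popFrame\x00"
    + b"/opt/nim/lib/system.nim\x00main.nim\x00"
)
SAMPLE_OTHER = (
    b"MZ\x90\x00\x03" + b"\x00" * 8
    + b"kernel32.dll\x00GetProcAddress\x00LoadLibraryA\x00"
)
SAMPLE_WEAK = b"\x7fELF" + b"\x00" * 12 + b"NimMain\x00strtab\x00"


if __name__ == "__main__":
    for name, blob in (("nim-like", SAMPLE_NIM_LIKE),
                       ("other", SAMPLE_OTHER),
                       ("weak", SAMPLE_WEAK)):
        print(name, looks_like_nim(blob), nim_indicators(blob))
```

The scoring deliberately treats `.nim` source references as corroboration rather than as a hit on their own, since a stripped release build may drop them while a text file mentioning Nim would otherwise be flagged; pair this with a file-type check in a real pipeline and feed confirmed hits to your existing malware triage rather than blocking on string matches alone.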