- Check Point has observed that ransomware is being reused
- Yurei’s ransomware has been aimed at a food manufacturing company in Sri Lanka
- Open source ransomware reduces the barrier to criminals
A new study by Check Point Research has revealed that cybercriminals are sharing their tactics through the use of open source ransomware models, which “allows less qualified threat actors to launch ransomware operations.”
While investigating an attack on a food manufacturing company in Sri Lanka, the researchers identified a new ransomware group, Yurei, which had made only very light modifications to an existing tool from the Prince-Ransomware strain.
The attack follows the ‘double extortion’ model: the victim’s files are encrypted and confidential data is exfiltrated, followed by a ransom demand both to decrypt the data and to refrain from publishing it on dark web sites or selling it to the highest bidder.
Yurei Ransomware
The ransomware group, named Yurei after a Japanese ghost story, reused an existing open source ransomware project. Open source projects allow lower-skilled threat actors to enter the ransomware space easily.
But by reusing the Prince-Ransomware code base, Yurei inherited all of its defects, the investigation says, including the “failure to delete Volume Shadow Copies”, an oversight that “allows partial recovery in environments where VSS is enabled.”
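Because the variant leaves Volume Shadow Copies in place, the first thing a responder wants to know is which volumes still have a snapshot to restore from. The following PowerShell script is an added example, not code from Check Point or from the ransomware; it assumes it is run as Administrator on the affected Windows host and uses only the standard Win32_ShadowCopy and Win32_Volume CIM classes.

```powershell
# Added example: report surviving Volume Shadow Copies per volume so a defender
# can judge whether VSS-based recovery is possible after an incident.
# Assumes an elevated PowerShell session on the affected Windows host.

$vss = Get-Service -Name VSS -ErrorAction SilentlyContinue
if (-not $vss) { Write-Warning 'VSS service is not present on this host.'; return }
Write-Host "VSS service state: $($vss.Status)"

# Map volume GUID paths (\\?\Volume{...}\) to drive letters for readable output
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
    $volumes[$_.DeviceID] = if ($_.DriveLetter) { $_.DriveLetter } else { $_.DeviceID }
}

$copies = Get-CimInstance -ClassName Win32_ShadowCopy
if (-not $copies) {
    Write-Warning 'No shadow copies found; VSS-based recovery is not possible on this host.'
    return
}

# One row per volume: how many snapshots survived and how old the newest one is.
# DeviceObject is the path you would expose (e.g. with mklink /d) for file-level restore.
$copies |
    Group-Object -Property VolumeName |
    ForEach-Object {
        $newest = $_.Group | Sort-Object -Property InstallDate -Descending | Select-Object -First 1
        [pscustomobject]@{
            Volume       = $volumes[$_.Name]
            Snapshots    = $_.Count
            NewestAt     = $newest.InstallDate
            AgeHours     = [math]::Round(((Get-Date) - $newest.InstallDate).TotalHours, 1)
            DeviceObject = $newest.DeviceObject
        }
    } | Format-Table -AutoSize
```

Snapshots taken before the encryption started are the useful ones; compare NewestAt against the earliest file modification times of the encrypted data before restoring.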
“While open source malware is a threat, it also gives defenders opportunities to detect and mitigate these variations. However, Yurei managed to execute its operation against several victims, which shows that even low-effort operations can still lead to success,” the study concludes.
Barriers are reduced both in terms of skill and effort, and this is only aggravated by the enormous increase in the use of AI. Only 20% of ransomware is not AI-driven, with AI used for CAPTCHA bypass, password cracking, code generation and even to build sophisticated social engineering attacks.