With new obfuscation techniques and attack capabilities, Hello XD ransomware (opens in new tab) It’s now more dangerous than ever, discovered Unit 42, the cybersecurity arm of Palo Alto Networks.
The group found that Hello XD now features a new custom-packaged encryptor that helps malware (opens in new tab) Stay hidden. Also, it comes with new encryption algorithm changes. Instead of the modified HC-128 and Curve25519-Donna, this newly discovered version comes with Rabbit Cipher and Curve25519-Donna. Also, the file marker no longer presents a coherent string, but carries random bytes, further strengthening the encryption.
Additionally, the strain carries a link to an onion website, but according to the researchers, the website is currently offline, possibly pending construction.
Deploying MicroBackdoor
Typically, ransomware operators do two things during the attack: they exfiltrate all sensitive data to a location they can control, and they encrypt everything they find on the target network. That way, if the victim has a backup solution, they can still threaten to release sensitive data online or sell it to third parties.
Hello XD goes a step further, it was discovered that in addition to ransomware, the threat actor also deploys MicroBackdoor, an open source backdoor that allows remote code execution, file exfiltration and system modifications.
The malware’s executable is encrypted with the WinCrypt API and embedded in the ransomware payload, it was said. It also does not have in mind a specific amount of money, which it seeks to earn in exchange for the decryption key. Instead, it tells victims to open a TOX chat service and start a negotiation process.
Hello XD was first spotted late last year, when researchers described it as a spin-off of the then-popular Babuk ransomware. This newly discovered version, however, is a significant step away from Babuk, suggesting that the threat actors behind it plan to develop it further.
To stay safe from cyber attacks, companies are urged to educate their employees about the dangers of phishing, keep their software up to date, and set up a strong antivirus and firewall. (opens in new tab)solution.
Through: BleepingComputer (opens in new tab)