A fresh variant of ransomware has been detected that focuses its attention on individuals and small enterprises. Known as TZW, this new strain requests smaller ransoms from each victim, typically to avoid making headlines. It falls within the Adhubllka ransomware family, with its origins tracing back to January 2020, although its activities can be traced even earlier.
Diving into details
- The challenge researchers faced in identifying TZW as a derivative of Adhubllka was primarily due to the modest ransom amounts the group typically demanded - ranging from $800 to $1,600.
- Like other similar ransomware, this one spreads through phishing emails.
- The attacker group specifically targets individuals and small businesses. This intentional focus helps them avoid getting attention in the media.
- The threat actor requests victims to use a victim portal based on Tor to receive decryption keys once they've paid the ransom.
About Adhubllka
- Over time, numerous instances of Adhubllka samples have been incorrectly categorized or mislabeled as belonging to different ransomware families.
- Additionally, alternative designations have already been applied to the same malware, such as ReadMe, MMM, MME, and GlobeImposter2.0. Surprisingly, all of these aliases are actually linked to the Adhubllka ransomware family.
- In 2020, the threat group TA547 employed variants of Adhubllka in their campaigns aimed at diverse sectors within Australia.
The bottom line
The researchers predict the possibility of the Adhubllka ransomware family undergoing a rebranding with different names, and there's a chance that other groups might adopt it for their ransomware endeavors. This study underscores how ransomware is intricately designed to confuse those seeking to counter cybercriminals. It emphasizes the significance of safeguarding against such attacks by implementing effective endpoint security measures.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_125855471.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/4456_shutterstock_2041846232.jpg)
