Ransomware developers are in a constant race to make their malware more effective. Two new ransomware variants, Yashma and Nokoyawa, have recently been discovered in the wild.
Researchers from BlackBerry have uncovered and documented a recent variant of the Chaos ransomware, named Yashma (also known as Chaos 4.0).
Yashma adds two capabilities: it can halt execution based on the victim's location, and it can terminate running processes associated with antivirus and backup software.
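The process-termination behaviour described above is a common pre-encryption step, and it leaves a recognizable trace: a single parent process spawning several `taskkill`, `net stop` or `sc stop` commands against backup, shadow-copy, database or endpoint-protection components within a short window. The detector below is an added example written for this article, not code from BlackBerry's report or from any Yashma sample. The Sysmon-style log lines, the watchlist of service and process names, the burst threshold and the time window are all constructed assumptions chosen for illustration; tune them to your own telemetry before use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, Sysmon-style ProcessCreate (Event ID 1) records, one per line.
# Example data for this block only; not log lines from any Yashma sample.
SAMPLE_EVENTS = [
    '2022-05-20 10:01:02 Image=C:\\Windows\\System32\\taskkill.exe '
    'ParentImage=C:\\Users\\victim\\Downloads\\update.exe '
    'CommandLine="taskkill /F /IM sqlservr.exe"',
    '2022-05-20 10:01:03 Image=C:\\Windows\\System32\\net.exe '
    'ParentImage=C:\\Users\\victim\\Downloads\\update.exe '
    'CommandLine="net stop VeeamBackupSvc /y"',
    '2022-05-20 10:01:05 Image=C:\\Windows\\System32\\taskkill.exe '
    'ParentImage=C:\\Users\\victim\\Downloads\\update.exe '
    'CommandLine="taskkill /F /IM MsMpEng.exe"',
    '2022-05-20 10:01:09 Image=C:\\Windows\\System32\\sc.exe '
    'ParentImage=C:\\Users\\victim\\Downloads\\update.exe '
    'CommandLine="sc stop vss"',
    # Benign: an administrator killing an unrelated process from a shell.
    '2022-05-20 10:15:44 Image=C:\\Windows\\System32\\taskkill.exe '
    'ParentImage=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="taskkill /F /IM notepad.exe"',
    # Benign: a single service stop, below the burst threshold.
    '2022-05-20 11:30:00 Image=C:\\Windows\\System32\\net.exe '
    'ParentImage=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="net stop SQLWriter"',
]

# Assumed watchlist of substrings naming backup, shadow-copy, database and
# endpoint-protection components. Illustrative only, not Yashma's kill list.
WATCHLIST = ("backup", "veeam", "vss", "sql", "msmpeng", "defender", "acronis")

EVENT_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'Image=(?P<image>\S+) ParentImage=(?P<parent>\S+) '
    r'CommandLine="(?P<cmd>[^"]*)"$'
)

# Kill/stop idioms: taskkill ... /IM <name>, net stop <svc>, sc stop <svc>.
KILL_RE = re.compile(
    r'(?:taskkill\b.*?/IM\s+(?P<im>\S+)|net\s+stop\s+(?P<net>\S+)|sc\s+stop\s+(?P<sc>\S+))',
    re.IGNORECASE,
)


def parse_event(line):
    """Return a dict with ts/image/parent/cmd, or None if the line is malformed."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


def extract_kill_target(cmdline):
    """Return the process or service name a kill/stop command targets, else None."""
    m = KILL_RE.search(cmdline)
    if not m:
        return None
    return m.group("im") or m.group("net") or m.group("sc")


def is_watched(target):
    """True if the target name contains any watchlist substring (case-insensitive)."""
    name = target.lower()
    return any(key in name for key in WATCHLIST)


def detect_kill_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Flag parents that stop at least `threshold` watched targets within `window`."""
    hits = defaultdict(list)  # parent image -> [(timestamp, target), ...]
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        target = extract_kill_target(ev["cmd"])
        if target and is_watched(target):
            hits[ev["parent"]].append((ev["ts"], target))

    alerts = []
    for parent, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                first = events[start][0]
                burst = [t for ts, t in events[start:] if ts - first <= window]
                alerts.append({"parent": parent, "first_seen": first, "targets": burst})
                break  # one alert per parent is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_kill_bursts(SAMPLE_EVENTS):
        print(f"{alert['first_seen']} {alert['parent']} stopped {alert['targets']}")
```

Run against the constructed sample, the detector raises a single alert for `update.exe`, which stops four watched components within seven seconds, and stays silent on the two administrator actions from `cmd.exe`. The burst threshold matters: a single `net stop` of a backup service is routine maintenance, whereas several in quick succession from an unsigned binary in a user's Downloads folder is the pattern worth paging on.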
The Chaos ransomware builder was first seen on underground forums in June 2021, and within a year its sixth variant had been released.
According to the researchers, this variant, like all of its predecessors, is effectively a file destroyer: it offers no file-recovery instructions and no decryption tool.
The new Nokoyawa ransomware shares code similarities with Karma ransomware and is being improved by reusing code from publicly available sources.
Most of the added code was copied verbatim from public sources, such as the Babuk ransomware source code leaked in September 2021.
The ransom note and the way victims contact the attackers have changed substantially in the new variants: victims must now reach the attackers via a .onion URL through the Tor browser.
There are also new features that maximize the number of files the malware can encrypt.
Ransomware developers continue to invest in improving their malware. The recent shutdown of the Conti ransomware operation has evidently not discouraged attackers from putting more effort into enhancing their tools. Malware developers are increasingly comfortable reusing publicly available code to add new capabilities with minimal effort. This poses a serious challenge to the cybersecurity community and demands continued innovation and effort.