What is Ransom Cartel? A ransomware gang focused on reputational damage

Code similarities to REvil

The Windows ransomware program has an encrypted configuration file that contains the attackers’ Curve25519-donna key used in the encryption routine; a list of files, folders, and extensions to avoid encrypting; a list of processes and system services to terminate; and the ransom note contents. In addition to the strong similarity in encryption and key generation methods between REvil and Ransom Cartel’s ransomware programs, there are overlaps in the way the encrypted configuration is stored in the ransomware binary and the way it’s formatted once decrypted. The only difference was in the instructions to access the Tor website used for communication with victims, which requires authentication using a unique key generated by the ransomware for every victim.
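The paragraph above mentions an operator Curve25519 key embedded in the configuration and a per-victim key generated by the ransomware. The following is an added example, not code from the article or from the Ransom Cartel or REvil samples it describes, and the scheme it models (a victim-side ephemeral X25519 key pair combined with the embedded operator public key) is an assumption about the general hybrid design, not a detail the article confirms. It implements X25519 from RFC 7748 in pure Python so it runs offline, and its purpose for an analyst is twofold: the embedded operator public key is a stable artefact worth extracting and comparing across samples when judging whether two builds share an operator, and the only material left on a victim host is public-key material, so the per-victim secret cannot be rebuilt on the host without the operator's private key.

```python
"""Added example: X25519 (RFC 7748) and a model of per-victim key handling.

Everything here is illustrative. The key-derivation and file-encryption steps
that a real ransomware would layer on top of the shared secret are omitted;
only the key agreement is shown.
"""
import os

P = 2**255 - 19        # field prime for Curve25519
A24 = 121665           # (486662 - 2) / 4, Montgomery ladder constant
BASE_POINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    """Decode a 32-byte scalar with the standard X25519 clamping."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    """Decode a 32-byte little-endian u-coordinate, ignoring the top bit."""
    b = bytearray(u)
    b[31] &= 127
    return int.from_bytes(b, "little") % P


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5: returns scalar * u."""
    k = _clamp(scalar)
    x1 = _decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair(seed=None):
    """Generate (private, public); seed is only for reproducible tests."""
    priv = seed if seed is not None else os.urandom(32)
    return priv, x25519(priv, BASE_POINT)


def victim_side(operator_pub: bytes, victim_priv: bytes) -> bytes:
    """What a host-side routine can compute: its ephemeral private key
    combined with the operator public key embedded in the config."""
    return x25519(victim_priv, operator_pub)


def operator_side(operator_priv: bytes, victim_pub: bytes) -> bytes:
    """What only the key holder can compute: the operator private key
    combined with the victim's public key that the malware leaves behind."""
    return x25519(operator_priv, victim_pub)


def rfc7748_vectors():
    """RFC 7748 section 6.1 test keys, used to check the ladder."""
    alice_priv = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    bob_priv = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    return alice_priv, bob_priv


if __name__ == "__main__":
    # Constructed scenario: 'operator' key is the embedded config key,
    # 'victim' key is the ephemeral pair generated on the host.
    op_priv, op_pub = keypair(rfc7748_vectors()[0])
    v_priv, v_pub = keypair(rfc7748_vectors()[1])
    print("host side     :", victim_side(op_pub, v_priv).hex())
    print("operator side :", operator_side(op_priv, v_pub).hex())
    # An analyst holding only op_pub and v_pub has two public values and
    # no scalar; neither call above can be made from those alone.
```

Run as a script, the two printed lines match, which is the whole point: the host can derive the secret once, and afterwards only the party holding the operator private key can derive it again. When comparing samples, extract the embedded public key from the decrypted configuration and diff it across builds rather than relying on string or code-structure overlap alone.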

Source: csoonline.com (7 min read)

