(844) 627-8267 | Info@NationalCyberSecurity

Cyclops cybercriminals create info-stealing ransomware

Ransomware gang Cyclops is selling new malware that steals data from a network while encrypting it, effectively combining an info-stealer with ransomware. The new malware is effective on Windows, Mac OS and Linux and boasts a user-friendly interface which could lower the bar for carrying out attacks.

Ransomware gang Cyclops has turned its gaze on stealing and encrypting data (Photo by Vladimir Zhoga/Shutterstock)

Cyclops has strong links to two other notorious ransomware gangs, LockBit and Babuk, researchers say.

Info-stealing ransomware created by Cyclops

Analysts at security company Uptycs have uncovered the new malware being touted on dark web forums. It is capable of sweeping up information from a target network, encrypting it and depositing it on a server for the perpetrator of the attack to read through at their leisure.

A ransom note for the attack is deposited automatically within the target system.

The cybercriminal who has bought the Cyclops malware then has access to the encrypted files via a user panel which also includes a ransom section, designed to manage the negotiation and payment process.

The new combi-malware is effective on all the main operating systems, Windows, Mac OS and Linux. 

Interestingly, members of Cyclops, called “threat developers” in the report, are monitoring the ransom process like a malevolent IT helpdesk, appearing to be on hand in case of any mishaps. “The threat developers are able to promptly address real-time issues and to provide rewards for valuable suggestions,” Uptycs says.

The dark web customer will download the malware from Cyclops for a share of the profits. From that point on they are ushered through the process via the customer interface, through which they can peruse the stolen data and demand a ransom. 


It is unlikely the purchaser of this malware will have access to much of the profits from the hack, the Uptycs researchers say.

According to the report, Cyclops ransomware encryption logic shares similarities with Babuk ransomware, using the same types of encryption.

The gang also has similar encoding techniques to LockBit. Executable strings are encoded and stored as a stack string in both the Cyclops and the LockBit ransomware. 

The FBI took down a botnet by the name of Cyclops Blink in March 2022, which may be of some relation to the current Cyclops. The botnet was said to be directly linked to Russian security force the GRU.
