
New custom ransomware variant leveraged by Vice Society operation


BleepingComputer reports that the Vice Society ransomware operation has shifted to the new PolyVice ransomware strain, which includes a robust hybrid encryption scheme combining the asymmetric NTRUEncrypt and symmetric ChaCha20-Poly1305-based encryption algorithms.

Initially discovered in July but only fully adopted recently, PolyVice has functions identical to those of the Chilly and SunnyDay ransomware strains, a report from SentinelOne showed.

However, PolyVice used a different file extension, hardcoded master key, ransom note name, and wallpaper than the other strains, prompting researchers to hypothesize that all strains were developed by the same vendor and to suggest that outsourcing of ransomware tool development is growing more prevalent.

“The code design suggests the ransomware developer provides a builder that enables buyers to independently generate any number of lockers/decryptors by binary patching a template payload. This allows buyers to customize their ransomware without revealing any source code. Unlike other known RaaS builders, buyers can generate branded payloads, enabling them to run their own RaaS programs,” said SentinelOne.
