Global attack spree launched by Kawa4096 ransomware gang

Organizations in various sectors around the world, particularly in the U.S. and Japan, have been targeted by the nascent Kawa4096 ransomware gang since its initial discovery in June, Cyber Security News reports.

Kawa4096 has employed advanced double extortion tactics, deploying ransomware that not only features comprehensive and controlled file encryption capabilities that avoid possible system conflicts and ensure maximum efficiency but also ends critical processes to circumvent detection and recovery efforts, according to an analysis from the AhnLab Security Intelligence Center (ASEC). Among the processes avoided by Kawa4096 are outlook[.]exe, excel[.]exe, sqlservr[.]exe, and firefox[.]exe.

Kawa4096 has also been using a unique Tor-based data exfiltration platform to pressure impacted entities into fulfilling its ransom demands, said ASEC researchers. Such findings reveal Kawa4096's highly coordinated operations, which could presage even more widespread intrusions worldwide, researchers added.
