Google Software Update spoofed by new HavanaCrypt ransomware
Threat actors have been distributing the new HavanaCrypt ransomware family as a fraudulent Google Software Update application, reports SecurityWeek.
According to a Trend Micro report, HavanaCrypt performs multiple anti-virtualization checks, uses a command-and-control server at an IP address belonging to a Microsoft web hosting service, and calls a namespace method function during its execution.
Researchers also found that HavanaCrypt deploys executable copies as hidden system files in two folders before generating a unique identifier based on compromised devices' system information. Moreover, encryption keys are generated by HavanaCrypt through KeePass Password Safe's CryptoRandom function, while encrypted files gain the ".Havana" extension.
The report also revealed that HavanaCrypt creates a text file listing the encrypted files and then encrypts that file as well; the ransomware does not drop a ransom note.
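The one file-system indicator the report gives is the ".Havana" extension appended to encrypted files. As an added example, not code from Trend Micro or SecurityWeek, the following Python sweeps a directory tree for that extension and turns the hit count into a crude blast-radius gauge a responder can use to triage a share. The function names, the 10% alert threshold and the sample tree it builds are all constructed for this illustration.

```python
import os
import tempfile
from pathlib import Path

# Extension the report says HavanaCrypt appends to encrypted files.
# Compared case-insensitively so a ".HAVANA" variant is not missed.
HAVANA_EXT = ".havana"


def scan_for_havana(root: str) -> dict:
    """Walk `root` and report every file carrying the ".Havana" extension.

    Returns the matching paths, their count, the total number of files seen,
    and the share of files affected (count / total), which gives a rough
    sense of how far encryption progressed in this tree.
    """
    hits = []
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            if name.lower().endswith(HAVANA_EXT):
                hits.append(os.path.join(dirpath, name))
    share = (len(hits) / total) if total else 0.0
    return {
        "hits": sorted(hits),
        "count": len(hits),
        "total_files": total,
        "share": share,
    }


def is_mass_encryption(report: dict, threshold: float = 0.10) -> bool:
    """Flag a tree when a meaningful share of its files carry the extension.

    The 10% threshold is an assumed triage value, not something from the
    report; tune it to the share being examined.
    """
    return report["count"] > 0 and report["share"] >= threshold


def build_sample_tree() -> str:
    """Create a constructed directory tree mimicking a partially hit share.

    Three of five files already carry the ".Havana" suffix; the rest are
    untouched. Contents are placeholder bytes, not real encrypted data.
    """
    root = tempfile.mkdtemp(prefix="havana_demo_")
    sample_files = [
        "docs/report.docx.Havana",
        "docs/budget.xlsx.Havana",
        "docs/readme.txt",
        "pics/cat.jpg.Havana",
        "pics/notes.txt",
    ]
    for rel in sample_files:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample content")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = scan_for_havana(demo_root)
    print(f"{result['count']} of {result['total_files']} files affected "
          f"({result['share']:.0%}); mass encryption: {is_mass_encryption(result)}")
    for hit in result["hits"]:
        print("  ", os.path.relpath(hit, demo_root))
```

Extension matching alone is a weak signal on its own (a renamed file is not an encrypted file), so in practice pair it with the other observations from the report, such as unexpected hidden executables in system folders, before declaring an incident.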
"This might be an indication that HavanaCrypt is still in its development phase. Nevertheless, it is important to detect and block it before it evolves further and does even more damage," said Trend Micro.