Ransomware

Newly emergent AiLock ransomware group examined

Almost half a dozen organizations have already been compromised by the novel AiLock ransomware-as-a-service operation, which exhibits sophisticated file encryption and system infiltration techniques, GBHackers News reports.

Aside from using a dual-threaded file encryption mechanism to encrypt files on targeted systems, AiLock also leverages a hybrid encryption model, with file content and metadata encrypted via the ChaCha20 algorithm and the NTRUEncrypt algorithm, respectively, according to a report from the S2W Threat Intelligence Center. AiLock also harnesses XOR operations for critical string obfuscation and uses LoadLibrary() and GetProcAddress() for API resolution, and it has conducted additional disruptive activities, including service and process termination, Recycle Bin cleaning, and file icon modifications. With AiLock continuously evolving its infrastructure as it focuses on long-term compromise, organizations have been urged not only to remain alert to the operation's indicators of compromise but also to ensure the implementation of robust cyber defense measures and up-to-date detection rules, researchers said.
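For the "up-to-date detection rules" point, the sketch below is an added triage example, not code from S2W or from this article: it looks for API names hidden by XOR, the kind of string a sample would later pass to GetProcAddress(). The single-byte key scheme and the watchlist of Windows API names are assumptions; the report summary does not specify AiLock's key or which APIs it resolves.

```python
"""Triage helper: find watchlist strings hidden by single-byte XOR."""

# Assumed watchlist: real Windows API names matching the behaviours the
# summary lists (service/process stopping, Recycle Bin cleaning). The page
# does not say which APIs AiLock actually resolves.
WATCHLIST = [
    b"OpenSCManagerW", b"ControlService", b"TerminateProcess",
    b"SHEmptyRecycleBinW",
]

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def find_xor_strings(data: bytes, watchlist=WATCHLIST, include_plain=False):
    """Return sorted (offset, key, name) hits for every watchlist entry
    stored under a single-byte XOR key (assumed scheme). Key 0 is plaintext
    and is skipped unless include_plain is set."""
    hits = []
    for key in range(0 if include_plain else 1, 256):
        for name in watchlist:
            needle = xor_bytes(name, key)
            start = data.find(needle)
            while start != -1:
                hits.append((start, key, name.decode()))
                start = data.find(needle, start + 1)
    return sorted(hits)

def group_by_key(hits):
    """Map each XOR key to the names found under it. Several API names
    sharing one key is a stronger triage signal than a single hit."""
    grouped = {}
    for _, key, name in hits:
        grouped.setdefault(key, set()).add(name)
    return {k: sorted(v) for k, v in grouped.items()}

def build_sample() -> bytes:
    """Constructed buffer: two names XORed with 0x5A plus a plaintext decoy."""
    return (b"\x00" * 16 + xor_bytes(b"ControlService", 0x5A) + b"\x90" * 8
            + xor_bytes(b"SHEmptyRecycleBinW", 0x5A) + b"\x00" * 4
            + b"TerminateProcess" + b"\x00")

if __name__ == "__main__":
    found = find_xor_strings(build_sample())
    for off, key, name in found:
        print(f"offset=0x{off:04x} key=0x{key:02x} {name}")
    print(group_by_key(found))
```

A hit is a reason to look closer, not a verdict: imports that are absent from the import table but present in obfuscated form suggest run-time API resolution and warrant deeper analysis.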
