The Underground ransomware gang has employed advanced techniques in its attacks around the world since its reemergence with an overhauled leak site in May 2024, GBHackers News reports.
According to an analysis from the AhnLab Security Intelligence Center, the Underground ransomware payload uses hybrid cryptography, combining AES symmetric encryption, RSA asymmetric encryption, and random number generation, to compromise high-value data in a way that hinders file decryption from local forensic artifacts alone.
Underground ransomware also stops the MSSQLSERVER, SQLSERVERAGENT, and MSSQLFDLauncher services, which would otherwise interfere with encryption, while skipping critical paths resolved from environment variables. It then deletes all event logs and drops a ransom note.
Organizations have been advised not only to ensure protected offsite backups, robust repository access controls, and regular recovery drills, but also to deploy endpoint detection and response tools.
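As an added defender-side illustration, not code from the article or from the AhnLab analysis, the following Python flags the two behaviours described above, the three SQL Server services being stopped on one host and event logs being cleared, over constructed sample records; the JSON-lines shape of the records and the Windows event IDs 7036, 1102 and 104 are assumptions.

```python
import json
import re

# Services the report says Underground ransomware stops before encrypting.
TARGET_SERVICES = {"MSSQLSERVER", "SQLSERVERAGENT", "MSSQLFDLauncher"}

# Windows event IDs used here (assumed well-known values, not from the report):
# System 7036 = service state change, Security 1102 = audit log cleared,
# System 104 = event log file cleared.
SERVICE_STATE_EVENT = 7036
LOG_CLEARED_EVENTS = {(1102, "Security"), (104, "System")}

STOPPED_RE = re.compile(r"The (?P<svc>.+?) service entered the stopped state")

# Constructed sample records in a JSON-lines shape (not real telemetry).
SAMPLE_LOG = """
{"ts": "2024-07-01T02:10:01Z", "host": "db01", "channel": "System", "id": 7036, "msg": "The MSSQLSERVER service entered the stopped state."}
{"ts": "2024-07-01T02:10:02Z", "host": "db01", "channel": "System", "id": 7036, "msg": "The SQLSERVERAGENT service entered the stopped state."}
{"ts": "2024-07-01T02:10:02Z", "host": "db01", "channel": "System", "id": 7036, "msg": "The MSSQLFDLauncher service entered the stopped state."}
{"ts": "2024-07-01T02:10:09Z", "host": "db01", "channel": "System", "id": 7036, "msg": "The Print Spooler service entered the running state."}
{"ts": "2024-07-01T02:14:30Z", "host": "db01", "channel": "Security", "id": 1102, "msg": "The audit log was cleared."}
{"ts": "2024-07-01T02:14:31Z", "host": "db01", "channel": "System", "id": 104, "msg": "The System log file was cleared."}
{"ts": "2024-07-01T03:00:00Z", "host": "web02", "channel": "System", "id": 7036, "msg": "The MSSQLSERVER service entered the running state."}
"""

def parse_events(text):
    """Parse JSON-lines records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect(events):
    """Return (host, finding) tuples for log clearing and SQL service stops."""
    findings = []
    per_host_stops = {}
    for ev in events:
        host = ev["host"]
        if ev["channel"] == "System" and ev["id"] == SERVICE_STATE_EVENT:
            m = STOPPED_RE.search(ev["msg"])
            if m and m.group("svc") in TARGET_SERVICES:
                per_host_stops.setdefault(host, set()).add(m.group("svc"))
        if (ev["id"], ev["channel"]) in LOG_CLEARED_EVENTS:
            findings.append((host, f"event log cleared ({ev['channel']} {ev['id']}) at {ev['ts']}"))
    for host, svcs in per_host_stops.items():
        if svcs == TARGET_SERVICES:  # all three SQL Server services stopped on one host
            findings.append((host, "all SQL Server services stopped: " + ", ".join(sorted(svcs))))
    return findings

if __name__ == "__main__":
    for host, finding in detect(parse_events(SAMPLE_LOG)):
        print(f"[{host}] {finding}")
```

Against the sample, the three stops on db01 and both log-clearing events are reported, while the single service start on web02 is not.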
Underground ransomware exhibits sophistication, report finds
