Malware r

Published on March 14th, 2017 | 272 views Post Views

RanRan Ransomware Targets Middle East Governments

The researchers at Palo Alto Networks have recently come across a new ransomware which was used in some targeted attacks which are aimed at multiple government organisations in the Middle East. Rather than asking for money, the attackers in this campaign are instructing the victims to make a political statement on their own website.

The ransomware, named “RanRan,” and it is designed to encrypt different types of files that are stored on the infected systems, including archives, documents, executables, images, databases, logs, source code and video files. It assigns a .zXz extension to the encrypted files and a HTML file containing instructions to teach the user how to recover the files is dropped onto the device.

Victims are said not to shut down their computers or run any kind of antivirus program as this may lead to “accidental damage on files.” Unlike any other ransomware, which typically asks the user for money, this threat group behind the RanRan instructs the victims to create a subdomain which contains a politically inflammatory name on their website.

The victims are also instructed to upload to the mentioned subdomain a file which is named “Ransomware.txt” with the text “Hacked!” and their own email address.

“By performing these actions, the victim, a Middle Eastern government organisation, has to generate a political statement against the leader of the country,” said Palo Alto Networks researchers. “It also forces the victim to publicly announce that they have been hacked by hosting the Ransomware.txt file.”

▼Advertisements

Palo Alto Networks has not named any of the targeted government organisations and it has not made links to known threat groups. However, the security firm did say that it had not found any connection between these attacks and the recent Shamoon 2 campaign.

According to the researchers, RanRan malware is not so sophisticated and the developers have made some mistakes when implementing the file encryption mechanism, which appears to be based on publicly available source code.

Share on Facebook0Share on Google+1Tweet about this on TwitterShare on Reddit0Email this to someonePrint this pageShare on StumbleUpon0Digg thisPin on Pinterest0Share on LinkedIn0











Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑

You Might Also Like:
Millions of Android app accounts can easily be hacked by a very simple trick

More than a billion Android app accounts are at risk If it wasn’t for the efforts of three researchers from...

Close