Brother
How can I protect my computer from a new threat and protect myself from the consequences?
Cybereason security researchers have discovered a new version of the "DJVU" ransomware, which is distributed under the guise of free software.
According to security expert Ralph Villanueva, the attackers use an already well-known attack scheme, but this time it is a variant of DJVU that appends the extension ".xaro" to encrypted files, which is why the researchers named the malware "Xaro".
DJVU itself is a family of ransomware and is often bundled with infostealers such as RedLine Stealer and Vidar, which makes DJVU attacks particularly devastating.
In the most recently recorded attack, the malicious archive was disguised as freely distributed software on a download site. Running the file led to the installation of PrivateLoader, a malware loader that communicates with the attackers' C2 server and downloads RedLine Stealer, Vidar, XMRig, and other malicious programs from there.
Attack pattern
According to the researchers, the attackers' main goals are collecting confidential data and extortion, and the Xaro malware itself is aimed more at ordinary users than at organizations. This is because the ransom amount is very affordable: $980, reduced to $490 if paid within 72 hours. Just like with car fines.
However, even for corporate networks this ransomware can pose a very real threat, since the speed and scale at which it spreads across infected machines leaves little chance of keeping information safe.
Attackers often disguise malicious code as free software in order to install it covertly, so you should be especially vigilant when downloading such programs.
You should always carefully check the site offering the software you need for legitimacy, and use reliable antivirus solutions that can intercept the threat if necessary. Regular software updates and backups of your data will also significantly increase the chance of getting off lightly.
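A quick triage check, added here as an example and not part of the post or of Cybereason's report: the only fact it relies on is that this variant appends ".xaro" to encrypted files. It walks a directory tree, lists every file carrying that extension, recovers the pre-encryption file name, and counts hits per directory so you can see how far the encryption has spread. The sample tree is constructed inline in a temporary directory, so the script runs offline; the file names in it are made up.

```python
"""Added example (not from the original post): sweep a directory tree for the
".xaro" extension that the Xaro variant of DJVU appends to encrypted files."""
import os
import tempfile
from collections import Counter
from pathlib import Path

XARO_EXT = ".xaro"  # extension the post attributes to the Xaro variant


def find_xaro_files(root):
    """Return every path under root whose name ends in .xaro (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(XARO_EXT):
                hits.append(Path(dirpath) / name)
    return sorted(hits, key=str)


def original_name(path):
    """Strip the appended extension to recover the pre-encryption file name.
    DJVU appends .xaro after the original extension, e.g. report.docx.xaro."""
    name = Path(path).name
    return name[:-len(XARO_EXT)] if name.lower().endswith(XARO_EXT) else name


def summarize(hits):
    """Count hits per directory; hits spread over many directories mean the
    encryption has propagated rather than touched a single folder."""
    return Counter(str(Path(h).parent) for h in hits)


def build_sample_tree(base):
    """Constructed sample data: clean files beside a few 'encrypted' ones."""
    layout = {
        "docs/report.docx.xaro": b"ciphertext",
        "docs/notes.txt": b"plain",
        "photos/2023/holiday.jpg.xaro": b"ciphertext",
        "photos/2023/family.JPG.XARO": b"ciphertext",  # case variation
        "bin/tool.exe": b"MZ...",
    }
    for rel, data in layout.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return base


def triage(root):
    """Run the sweep; return hit count, per-directory counts and original names."""
    hits = find_xaro_files(root)
    return {
        "count": len(hits),
        "per_dir": summarize(hits),
        "originals": [original_name(h) for h in hits],
    }


def demo():
    """Build the constructed sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage(tmp)


if __name__ == "__main__":
    result = demo()
    print(f"{result['count']} files with {XARO_EXT}")
    for d, n in result["per_dir"].items():
        print(f"  {n:3d}  {d}")
    print("original names:", result["originals"])
```

Point `triage()` at a real volume root rather than the sample tree to use it for real. An extension sweep is an after-the-fact indicator only: by the time ".xaro" files exist the data is already encrypted, so it tells you the scope of damage and which backups to restore, not how to prevent the infection.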
