© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Red alert: ransom gangs are on the rise


Three new ransomware groups have emerged to lead a fresh wave of threat actors targeting businesses and organizations, says cyber watchdog Cyble.

RedAlert appears to be targeting corporate victims and takes its name from a string of code used in its ransom notes, though it calls itself N13V.

“RedAlert or N13V is a new ransomware strain that targets both Windows and Linux VMWare ESXi servers on corporate networks,” said Cyble, adding that it hijacks machines and encrypts all files related to them, preventing them from functioning.

Interestingly, the threat actors behind RedAlert only accept ransom payments in Monero, which Cyble says is unusual for ransomware groups. Bitcoin is generally regarded as the most commonly used method of monetizing extortion among ransom gangs.

Lilith is particularly virulent due to its versatility, according to Cyble. “This threat can affect many file types and render them completely unusable,” it said. “Lilith ransomware encrypts files on the victim’s machine and appends the extension of encrypted files as .lilith. Afterward, a ransom note is created on the system to demand payment.”

Victims then have three days to pay up before the threat actors using Lilith threaten to start leaking files. It is not clear how soon they make good on such threats, as ransomware gangs are often willing to negotiate.

“Upon execution, Lilith ransomware initially searches for a list of hardcoded processes in the file and terminates its execution if any of them are running on the target’s machine,” said Cyble. “This step ensures that these processes do not block access to the files to be encrypted.”

0mega is thought to be affiliated with a group of the same name that deploys ‘double extortion’ tactics, whereby a victim’s files are encrypted and rendered useless without an access key and the group responsible also threatens to leak the data if an additional payment is not made.

Cyble warned that over the past two years ransomware activity had reached “record levels,” driven by older groups rebranding and the advent of new ones such as Lilith, RedAlert, and 0mega.

“Ransomware groups continue to pose a severe threat to firms and individuals,” it added. “Organizations need to stay ahead of the techniques used by TAs [threat actors] besides implementing the requisite security best practices and controls. Ransomware victims are at risk of losing valuable data as a result of such attacks, resulting in financial loss.”


More from Cybernews:

Cybersecurity skills shortage paradox

Why are we so careless with our passwords?

UK police arrest three using facial recognition

Ex-CIA hacker convicted of data leak

Bandai Namco confirms cyberattack

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked