

The ongoing cyber warfare between Russia and Ukraine has witnessed a series of different wiper malware attacks, including WhisperGate, HermeticWiper, and IsaacWiper. Adding to this existing list of destructive malware, researchers have now found the RURansom wiper malware.

During our regular OSINT research, Cyble Research Labs came across a Twitter post by the MalwareHunter team highlighting a ransomware named RURansom, which was found attacking Russia. This malware is called RURansom as the file's Program Database (PDB) path contains the substring "RURansom", as shown below:

C:\Users\Admin1\source\repos\RURansom\RURansom\obj\Debug\RURansom.pdb

The RURansom malware operates by wiping the files present on the victim's computer and spreads like a worm within the network or through connected USB devices. Finally, the malware drops ransom notes on the victim's machine, as shown in Figure 1.

Figure 1: Ransom Note written in Russian

In this blog, we will conduct a deep-dive technical analysis of the RURansom malware used in the attack.

Technical Analysis

Figure 2: File Info of RURansom Malware

Geolocation Identification

The RURansom malware traces the IP location of the victim machine and is executed only if it detects an IP belonging to Russia.
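As an added example (not Cyble's code or the malware's), the following Python triage helper pulls CodeView "RSDS" PDB paths out of raw PE bytes and flags any path containing the "RURansom" substring that gave the sample its name. The byte blob is constructed here to stand in for a real file; the only realistic part is the embedded RSDS record carrying the PDB path quoted above.

```python
import re
import struct
from dataclasses import dataclass

# Constructed sample: filler bytes around one CodeView "RSDS" debug record.
# Layout of the record: b"RSDS" | 16-byte GUID | 4-byte LE age | NUL-terminated path.
SAMPLE_PDB_PATH = rb"C:\Users\Admin1\source\repos\RURansom\RURansom\obj\Debug\RURansom.pdb"
SAMPLE_BINARY = (
    b"MZ" + b"\x00" * 62
    + b"RSDS" + bytes(range(16)) + struct.pack("<I", 1)
    + SAMPLE_PDB_PATH + b"\x00"
    + b"\x00" * 32
)


@dataclass
class CodeViewRecord:
    guid: bytes
    age: int
    pdb_path: str


def extract_rsds_records(data: bytes) -> list[CodeViewRecord]:
    """Return every plausible RSDS record found by scanning raw bytes.

    Scanning rather than walking the debug directory also works on samples
    whose PE headers are damaged, which is common in packed or partial dumps.
    """
    records = []
    for m in re.finditer(rb"RSDS", data):
        start = m.end()
        if start + 20 > len(data):
            continue  # truncated record
        guid = data[start:start + 16]
        (age,) = struct.unpack_from("<I", data, start + 16)
        end = data.find(b"\x00", start + 20)
        if end == -1:
            continue
        path = data[start + 20:end]
        # Real PDB paths are ASCII and end in .pdb; this drops accidental "RSDS" hits.
        if not path.isascii() or not path.lower().endswith(b".pdb"):
            continue
        records.append(CodeViewRecord(guid, age, path.decode("ascii")))
    return records


def pdb_paths_matching(data: bytes, needle: str) -> list[str]:
    """PDB paths in `data` whose text contains `needle` (case-insensitive)."""
    return [r.pdb_path for r in extract_rsds_records(data)
            if needle.lower() in r.pdb_path.lower()]


if __name__ == "__main__":
    for rec in extract_rsds_records(SAMPLE_BINARY):
        print(rec)
    print(pdb_paths_matching(SAMPLE_BINARY, "RURansom"))
```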
