15. August 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

Heimdal Security researchers have unearthed a new ransomware strain, along with a ransom note signed by a group calling itself ‘DeepBlueMagic’.

On Wednesday, 11 August, security researchers detected ‘DeepBlueMagic’, which had been used in an attack on a device running Windows Server 2012 R2. After analysing the variant, the researchers said the ransomware operates differently from every previously detected ransomware strain.

Modus Operandi of DeepBlueMagic Ransomware

DeepBlueMagic ransomware used a legitimate third-party encryption tool, ‘BestCrypt Volume Encryption’ by Jetico. Instead of encrypting individual files on the victim’s system, the ransomware first targeted the server’s other disk drives, leaving the system drive (the “C:\” partition) untouched.

“The ‘BestCrypt Volume Encryption’ was still present on the accessible disk, C, alongside a file named ‘rescue.rsc’, a rescue file commonly used by Jetico’s software to retrieve the partition in case of damage. But unlike in the legitimate uses of the software, the rescue file itself was encrypted as well by Jetico’s product, using the same mechanism, and requiring a password in order to be able to op

[…]
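The two observations above (a volume-encryption product launched on a file server, and a Jetico rescue file that is itself unreadable) are what a responder would want to turn into a triage check. The following Python is an added example, not code from the article or from Heimdal; the event format, host names, paths, the placeholder executable name and the volume arguments are all constructed for the example, and only the product name “BestCrypt Volume Encryption” and the file name rescue.rsc come from the article. The rescue-file check uses Shannon entropy as a weak signal that a recovery file has been encrypted; it assumes a readable rescue file is mostly low-entropy, which is an assumption and is why the verdict also requires the process-launch signal.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, List

# Constructed process-creation records in a simplified
# "timestamp|host|image|command line" form. Host names, paths, the
# executable name and the volume arguments are placeholders invented for
# this example; only the product name "BestCrypt Volume Encryption" and
# the file name "rescue.rsc" come from the article.
SAMPLE_EVENTS = """\
2021-08-11T02:14:03Z|srv-files01|C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs
2021-08-11T02:17:41Z|srv-files01|C:\\Program Files\\Jetico\\BestCrypt Volume Encryption\\bcve-placeholder.exe|bcve-placeholder.exe D: E: F:
2021-08-11T02:18:05Z|srv-files01|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir
"""

ENCRYPTION_TOOL_MARKER = "bestcrypt"   # product name as given in the article


def parse_events(text: str) -> List[Dict[str, str]]:
    """Parse the simplified pipe-separated records into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, image, cmdline = line.split("|", 3)
        events.append({"ts": ts, "host": host, "image": image, "cmdline": cmdline})
    return events


def find_volume_encryption_events(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return events in which a disk-encryption product is launched.
    On a file server this should be rare enough to alert on every hit."""
    hits = []
    for ev in events:
        haystack = (ev["image"] + " " + ev["cmdline"]).lower()
        if ENCRYPTION_TOOL_MARKER in haystack:
            hits.append(ev)
    return hits


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or random data, far lower for text."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def rescue_file_looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Weak signal: a recovery file you expect to be usable that is
    indistinguishable from random bytes is worth a look. Legitimate binary
    recovery data can also be high-entropy, so combine with the process check."""
    return shannon_entropy(data) >= threshold


def _pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext (a SHA-256 chain), so the example
    runs offline without any real encrypted file."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed stand-ins for a readable and an encrypted rescue.rsc.
PLAINTEXT_RESCUE = b"rescue record: volume D: header backup\n" * 100
ENCRYPTED_RESCUE = _pseudo_random(4096)


def triage(events: List[Dict[str, str]], rescue_bytes: bytes) -> Dict[str, object]:
    """Combine both signals into one verdict for an incident responder."""
    hits = find_volume_encryption_events(events)
    encrypted = rescue_file_looks_encrypted(rescue_bytes)
    return {
        "encryption_tool_runs": [(e["ts"], e["host"], e["cmdline"]) for e in hits],
        "rescue_file_encrypted": encrypted,
        "suspicious": bool(hits) and encrypted,
    }


if __name__ == "__main__":
    print(triage(parse_events(SAMPLE_EVENTS), ENCRYPTED_RESCUE))
```

In a real deployment the event source would be Sysmon or Windows Security process-creation logs and the rescue-file bytes would be read from the C: drive of the affected host; the verdict is deliberately conservative, requiring both the tool launch and the unreadable rescue file before flagging.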

Content was cut in order to protect the source. Please visit the source for the rest of the article.

Read the original article: ‘DeepBlueMagic’ – Newly Discovered Ransomware With Unique Modus Operandi