26. May 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

Nokoyawa is a new malware for Windows that first appeared early this year. The first samples gathered by FortiGuard researchers were constructed in February 2022 and contain significant coding similarities with Karma ransomware that can be traced back to Nemty via a long series of variants. 

NOKOYAWA is a ransomware-type piece of malware that the research team discovered and sampled from VirusTotal. It’s made to encrypt data and then demands payment to decode it. 

FortiGuard Labs has seen versions constructed to run only on 64-bit Windows, unlike its precursor Karma, which runs on both 32-bit and 64-bit Windows. For customized executions, Nokoyawa provides many command-line options: help, network, document, and Encrypt a single file using the path and dir dirPath. 

Nokoyawa encrypts all local disks and volumes by default if no argument is provided. The “-help” argument is intriguing because it shows that the ransomware creators and the operators who deploy and execute the malware on affected PCs are two independent teams. Nokoyawa encrypts files that do not end in.exe,.dll, or.lnk extensions using multiple threads for speed and efficiency. Furthermore, by verifying the hash of its names with a list of hardcoded hashes, some folders, and their subdirectories are prohibited from encryption.

Nokoyawa produces

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: