
Joint RustyStealer, Ymir ransomware attacks emerge


The newly emerged Ymir ransomware is being deployed in attacks that begin with the RustyStealer information-stealing malware, BleepingComputer reports.

According to an analysis by Kaspersky researchers, the intrusions began with RustyStealer harvesting credentials on numerous systems, giving the attackers high-privilege accounts to use for lateral movement. Over the following two days they ran scripts associated with the SystemBC malware and exfiltrated data. Only then did they deploy Ymir, which performs system reconnaissance and skips a set of file extensions before encrypting the remaining files with the ChaCha20 stream cipher. Ymir writes the ransom demand into the Windows Registry "legalnoticecaption" value so that it is displayed at logon, and, if PowerShell is present on the host, uses it to delete its own executable once encryption is finished. Although Ymir's operators run no data-leak site, the researchers warn the ransomware could become a serious threat because infostealer infections are serving as its initial access vector, with the stealer operators effectively acting as access brokers.
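Two of the behaviours described above leave telemetry that defenders can hunt for: a write to the logon legal-notice registry values by a process that has no business setting them, and a PowerShell process deleting an executable (in particular, the executable that spawned it). The following detection logic is an example added here by the editor; it is not code from the article or from Kaspersky's analysis, and the event records, paths, process names and the allow-list of legitimate registry writers are constructed for illustration. The field names follow Sysmon's event schema (EventID 13 for registry value set, EventID 1 for process creation), which is assumed to be the log source.

```python
"""Editor-added detection example (not from the article or Kaspersky's report).

Scans Sysmon-style event records for two behaviours attributed to Ymir:
rewriting the Windows legal-notice registry values to show a ransom demand,
and using PowerShell to delete an executable after encryption. All sample
data below is constructed, not real incident telemetry."""

import re
from pathlib import PureWindowsPath

# Standard Windows location of the logon legal-notice values.
LEGAL_NOTICE_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
LEGAL_NOTICE_VALUES = {"legalnoticecaption", "legalnoticetext"}

# Processes that routinely write these values (Group Policy, an admin in regedit).
# Assumption: an illustrative allow-list; tune it to the environment.
LEGIT_REG_WRITERS = {"svchost.exe", "gpupdate.exe", "regedit.exe", "mmc.exe"}

# A delete verb followed by a Windows path ending in .exe, e.g.
#   Remove-Item -Force 'C:\Users\Public\update.exe'
DELETE_EXE = re.compile(
    r"\b(?:remove-item|del|erase|rm)\b[^;\"']*?['\"]?([A-Za-z]:\\[^'\";]*?\.exe)",
    re.IGNORECASE,
)


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def check_registry_event(ev: dict):
    """Flag writes to legalnoticecaption/legalnoticetext by unexpected processes."""
    if ev.get("EventID") != 13:
        return None
    key, _, value = ev["TargetObject"].rpartition("\\")
    if key.lower() != LEGAL_NOTICE_KEY.lower() or value.lower() not in LEGAL_NOTICE_VALUES:
        return None
    if _basename(ev["Image"]) in LEGIT_REG_WRITERS:
        return None
    return {
        "rule": "legal_notice_tampering",
        "image": ev["Image"],
        "detail": f"{value} set to {ev.get('Details', '')!r}",
    }


def check_process_event(ev: dict):
    """Flag PowerShell deleting an executable; escalate when it deletes its own parent."""
    if ev.get("EventID") != 1 or _basename(ev["Image"]) not in {"powershell.exe", "pwsh.exe"}:
        return None
    m = DELETE_EXE.search(ev.get("CommandLine", ""))
    if not m:
        return None
    target = m.group(1)
    self_delete = target.lower() == ev.get("ParentImage", "").lower()
    return {
        "rule": "powershell_self_delete" if self_delete else "powershell_deletes_executable",
        "image": ev["Image"],
        "detail": f"deletes {target} (parent: {ev.get('ParentImage', '?')})",
    }


def scan(events):
    """Run both checks over a sequence of event dicts and return the findings in order."""
    findings = []
    for ev in events:
        for check in (check_registry_event, check_process_event):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample events (not telemetry from a real Ymir incident).
SAMPLE_EVENTS = [
    {   # payload rewrites the logon banner with the ransom demand -> alert
        "EventID": 13, "Image": r"C:\Users\Public\update.exe",
        "TargetObject": LEGAL_NOTICE_KEY + r"\legalnoticecaption",
        "Details": "Your files are encrypted. Contact us to restore them.",
    },
    {   # Group Policy refresh writing a legitimate banner -> allow-listed
        "EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
        "TargetObject": LEGAL_NOTICE_KEY + r"\legalnoticetext",
        "Details": "Authorised use only.",
    },
    {   # unrelated registry write by the same payload -> ignored by this rule
        "EventID": 13, "Image": r"C:\Users\Public\update.exe",
        "TargetObject": r"HKCU\Software\Classes\Local Settings\MuiCache\foo",
        "Details": "x",
    },
    {   # PowerShell spawned by the payload to delete it after encryption -> alert
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Users\Public\update.exe",
        "CommandLine": "powershell.exe -Command \"Start-Sleep 3; Remove-Item -Force 'C:\\Users\\Public\\update.exe'\"",
    },
    {   # ordinary interactive PowerShell -> ignored
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe Get-Process",
    },
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, `scan()` returns exactly two findings: the legal-notice tampering by the unknown binary and the PowerShell self-deletion. The allow-list keeps Group Policy's own banner updates quiet, and the self-deletion rule only fires when the deleted path matches the PowerShell process's parent, which is the pattern worth paging someone for; a plain "PowerShell deleted an .exe" hit is reported separately at lower priority.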
