BleepingComputer reports that 53 organizations around the world have already been compromised by the new LostTrust ransomware operation since it commenced attacks in March.
LostTrust is suspected to be a rebrand of the MetaEncryptor ransomware operation because the two have nearly identical data leak sites and Windows encryptors. Cybersecurity researcher Stefano Favarato found that both ransomware gangs use the same template and bio for their sites, with each operation touting its members as network security specialists with 15 or more years of experience.
Moreover, only slight differences in ransom notes, note names, embedded public keys, and encrypted file extensions were found between LostTrust and MetaEncryptor, with MalwareHunterTeam noting that both operations used the SFile2 ransomware encryptor as their basis.
Further examination of the LostTrust encryptor revealed that, when executed, it disables various Windows services and also deactivates Microsoft Exchange-related services before encryption begins.
The operation's ransom notes suggest that its members were once ethical hackers who turned to cybercrime after being poorly compensated.