Arctic Wolf sniffs out new ransomware variant
by nlqip
![worried concerned developer programmer coder ransomware breach](https://kartwheelnewz.info/wp-content/uploads/2024/06/Arctic-Wolf-sniffs-out-new-ransomware-variant.jpg)
“The NtQuerySystemInformation function allows the caller to obtain information about the current system’s physical details such as the number of logical processors available,” Arctic Wolf said. “This information can be useful when determining how many threads the multi-threaded encryption routine should allocate.”
Once critical system information is obtained, encryption is attempted. “Using the system information discovered earlier, the sample configures a thread pool dedicated to encrypting all the discovered files,” the report added. “This thread pool uses the logical processor information with a minimum number of two processors and a maximum number of sixteen processors. The deprecated Windows APIs for CryptImportKey and the CryptEncrypt are called during the process.”
After encryption is completed, the miscreants leave a ransom note, written to one of the configuration files on the disk, with the usual ‘readme.txt’ name.