Boztek

TC Cybernews

TC Artificial Intelligence

Hacker News


We Live Security


Securelist

Kaspersky discovers new Ymir ransomware used together with RustyStealer

The article presents a detailed analysis of a newly identified ransomware family named “Ymir.” The investigation shows that Ymir evades detection largely because it performs its operations in memory through function calls such as malloc, memmove, and memcmp. The attackers gained initial access through PowerShell remote control commands, which allowed them to install malicious tools before executing the ransomware. In static analysis, the Ymir binary exhibited characteristics typical of ransomware, including API calls related to cryptographic functions and process management. Notable among these were CryptAcquireContextA and WinExec, which are prevalent in ransomware variants. The analysis further uncovered essential strings in the binary, such as the ransom note filename and encryption extension, as well as commands for PowerShell, indicative of its operational...


Adoption, migration, optimisation, security and management services designed to deliver business agility.


Improve your security posture with tailored strategies and front-line defence services.


Scalable colocation and connectivity within a hyper secure environment.


Disaster recovery and high-availability serviced offices in secure, premium office facilities.


Tailored, end-to-end solutions for your hardware ecosystem across the widest range of vendors.


Accelerate your digital workplace with scalable solutions for workplace support, collaboration and security.
