A new ransomware-as-a-service family, dubbed LokiLocker, has been identified by Blackberry Threat Intelligence. As usual, this only affects Windows systems.
The company’s research and intelligence team said in a blog post that LokiLocker did the usual ransomware things like encryption and stealing information. But it also erased data from its victims’ systems.
“However, like its namesake god Loki, this threat appears to have some subtle tricks up its sleeve — including a potential ‘false flag’ tactic that singles out Iranian threat actors,” the post said.
“In Norse mythology, Loki was the accomplished trickster who had the ability to shapeshift at will. One of many impetuous fire gods, Loki was the enemy of the other gods themselves, often entering their banquets without being invited and demanding their food and drink. . LokiLocker similarly insists on acquiring what he has no legitimate right to.”
The post claimed that LokiLocker was first spotted in mid-August 2021 and appeared to primarily target English-speaking victims and Windows PCs.
“Like the god it is named after, LokiLocker enters the victim’s life uninvited and begins searching for assets to steal. The threat then encrypts their files and demands that they pay a monetary ransom to restore access “, wrote the Blackberry team.
“The malware is written in .NET and protected with NETGuard (modified ConfuserEX) using an additional virtualization plugin called KoiVM. KoiVM used to be a licensed commercial protector for .NET applications, but around 2018 its code was open source (or possibly leaked), and it’s now publicly available on GitHub.Although Koi seems to be popular with hacking tools and cracks, we haven’t seen many other malware using it at all. this day.
Satnam Narang, a staff research engineer at security store Tenable, said the wipe data feature was another way to get a ransom.
“Usually when ransomware has included a data erasing component, the ransomware is just a ruse and the intention from the start is to erase data from systems all along,” he said. declared.
“With LokiLocker, it seems the data wipe component is now another new form of extortion if a victim refuses to pay. Ultimately, ransomware groups want to be paid, the data wipe tactic is just another option for these groups as a means to an end.
“The current concern is whether the data-erasing extortion tactic will be widely adopted by other ransomware groups, much like the Maze group’s double extortion tactic.”
Narang said the ransomware ecosystem has grown over the years into its own booming business.
“Historically, holding files hostage was enough to convince organizations to pay, but a few years ago ransomware group Maze pioneered a tactic of stealing victims’ sensitive data and threatening to publish these files online.This tactic has been called double extortion and it is now widely adopted by most ransomware-as-a-service offerings.
“Ransomware groups have begun experimenting with additional extortion techniques in recent years, including performing distributed denial-of-service attacks against victims and even cold calling a victim’s customers threatening to disclose their data also in the hope of convincing them to pressure the first victims to pay the ransom demand.”
PROMOTE YOUR WEBINAR ON ITWIRE
It’s all about webinars.
Marketing budgets are now focused on webinars combined with lead generation.
If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.
The iTWire campaign will include numerous advertisements on our news site itwire.com and a major newsletter promotion https://itwire.com/itwire-update.html and promotional and editorial news. Plus a video interview of the keynote speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in promotional messages on the iTWire homepage.
Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and providing support through partial payments and extended terms, a Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
MORE INFO HERE!
INTRODUCING ITWIRE TV
iTWire TV offers unique value to the technology industry by offering a range of video interviews, news, views and reviews, and also offers vendors the ability to promote your business and marketing messages.
We work with you to develop the messaging and conduct the product interview or review in a safe and collaborative manner. Unlike other YouTube Tech channels, we create a story around your post and post it to the ITWire homepage, along with a link to your post.
Additionally, your interview post message can be displayed in up to 7 different post views on our iTWire.com site to drive traffic and readers to your video content and downloads. This can be an important lead generation opportunity for your business.
We also provide 3 videos in one recording/session if you need it so that you have a series of videos to promote to your clients. Your sales team can add your emails to the sales materials and footer of their sales and marketing emails.
Discover the latest tech news, viewpoints, interviews, reviews, product promotions and events. Plus funny videos from our readers and customers.