FortiGuard Labs is aware of a report that Roadsweep ransomware was used against the Albanian government. Other malware, the Chimneysweep backdoor and the ZeroCleare wiper, were potentially used in the attack. The security vendor Mandiant, with moderate confidence, attributed the attack to an unknown threat actor who supports Iran. An alleged threat actor claimed responsibility for the attack on a web site and a Telegram channel and released information supposedly belonging to the victims in Albanian government organizations on them.

This is significant because a new ransomware was reportedly used against the Albanian government, a member of the North Atlantic Treaty Organization (NATO). The attack potentially involved the Chimneysweep backdoor and the ZeroCleare wiper malware. The former provides backdoor access to the attacker and the latter enables the threat actor to overwrite specified files, making the affected files unrecoverable.

Roadsweep is a new ransomware that encrypts files that do not have a ".exe", ".dll", ".sys", ".lnk" or ".lck" file extension on a compromised machine and adds a ".lck" file extension to them. It drops a ransom note that contains a politically inclined message and asks the victim to make a phone call to the attacker in order to decrypt the affected files. The ransom note also includes private recovery keys.

Chimneysweep is malware that provides the attacker backdoor access to a compromised machine. The malware connects to its C2 server and enables the remote attacker to execute commands.
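The file-extension behaviour described above (skipping ".exe", ".dll", ".sys", ".lnk" and ".lck", appending ".lck" to everything else) is enough to build a simple host-side detection heuristic. The following is an added example, not code from FortiGuard or Mandiant; it assumes a stream of file-rename events (host, timestamp, old name, new name) of the kind a file-integrity monitor would emit, and the sample events, threshold and window are constructed for the illustration.

```python
"""Heuristic detector for Roadsweep-style mass renames to ".lck".

Added illustration (not the vendor's code). Input is a list of constructed
rename events: (host, unix_timestamp, old_name, new_name). A host is flagged
when at least `threshold` qualifying renames occur within `window_seconds`.
"""
import os
from collections import defaultdict

# Extensions the report says Roadsweep leaves untouched. A rename of one of
# these to ".lck" does not match the described behaviour and is not counted.
SKIPPED_EXTENSIONS = {".exe", ".dll", ".sys", ".lnk", ".lck"}
ENCRYPTED_SUFFIX = ".lck"


def is_roadsweep_like_rename(old_name, new_name):
    """True when new_name is old_name + ".lck" and old_name's extension
    is not in the set the ransomware skips."""
    if not new_name.endswith(ENCRYPTED_SUFFIX):
        return False
    if new_name[:-len(ENCRYPTED_SUFFIX)] != old_name:
        return False  # some other rename that merely ends in .lck
    _, ext = os.path.splitext(old_name)
    return ext.lower() not in SKIPPED_EXTENSIONS


def flag_hosts(events, threshold=5, window_seconds=60):
    """Return the set of hosts with >= threshold qualifying renames inside
    any sliding window of window_seconds."""
    by_host = defaultdict(list)
    for host, ts, old_name, new_name in events:
        if is_roadsweep_like_rename(old_name, new_name):
            by_host[host].append(ts)
    flagged = set()
    for host, times in by_host.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window_seconds:
                j += 1
            if j - i >= threshold:
                flagged.add(host)
                break
    return flagged


# Constructed sample telemetry: ws01 shows a burst of encryptions, ws02 two
# isolated renames hours apart (below threshold).
SAMPLE_EVENTS = [
    ("ws01", 1000, "budget.xlsx", "budget.xlsx.lck"),
    ("ws01", 1002, "minutes.docx", "minutes.docx.lck"),
    ("ws01", 1003, "photo.jpg", "photo.jpg.lck"),
    ("ws01", 1005, "notes.txt", "notes.txt.lck"),
    ("ws01", 1007, "db.sqlite", "db.sqlite.lck"),
    ("ws01", 1009, "svc.exe", "svc.exe.lck"),  # skipped extension, not counted
    ("ws02", 1000, "report.pdf", "report.pdf.lck"),
    ("ws02", 9000, "old.csv", "old.csv.lck"),
]
```

Running `flag_hosts(SAMPLE_EVENTS)` on the constructed events returns `{"ws01"}`; the threshold and window should be tuned against normal rename rates on real endpoints.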