It doesn't take a genius to be a cybercriminal - and open source ransomware is making it easier than ever
Taking your money just got easier

- Check Point has observed ransomware being re-used
- Yurei ransomware has targeted a Sri Lankan food manufacturing firm
- Open-source ransomware lowers the barrier for criminals
A new study by Check Point Research has revealed that cybercriminals are sharing their tactics by using open-source ransomware models, which is ‘enabling even less-skilled threat actors to launch ransomware operations.’
By observing one particular cyberattack which targeted a Sri Lankan food manufacturing firm, the researchers were able to identify that the new ransomware group, Yurei, made only very slight modifications to an existing tool in the Prince-Ransomware strain.
The attack is a ‘double ransomware’ model, in which the victim’s files are encrypted and sensitive data is exfiltrated, followed by a ransom demand both to decrypt the information and to refrain from posting the data on dark web sites or selling it to the highest bidder.
Yurei ransomware
The ransomware group, named Yurei after a Japanese ghost tale, has utilized an existing open-source ransomware project. Open-source projects enable lower-skilled threat actors to enter the ransomware space with ease.
But by re-using Prince-Ransomware’s code base, Yurei inherited all of the same flaws, the research says, including ‘the failure to remove Volume Shadow Copies’; this ‘oversight enables partial recovery in environments where VSS is enabled.’
“While open-source malware is a threat, it also gives defenders opportunities to detect and mitigate these variations. However, Yurei succeeded in running their operation on several victims, which shows that even low-effort operations can still lead to success,” the study concludes.
The barriers are lowered both in terms of skill and effort, which is only compounded by the huge increase in the use of AI. Only 20% of ransomware is not powered by AI - and it’s used in CAPTCHA bypass, password cracking, code generation, and even to build sophisticated social engineering attacks.

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.