New variant of Qilin.B ransomware emerges with improved encryption and evasion tactics

By Admin, October 24, 2024, 3 min read
Qilin.B Ransomware
October 24, 2024Ravi LakshmananRansomware / Cybercrime


Cybersecurity researchers have discovered an advanced version of the Qilin ransomware that features increased sophistication and evasive tactics.

The new variant is tracked by cybersecurity company Halcyon under the name Qilin.B.

“Notably, Qilin.B now supports AES-256-CTR encryption for AESNI-capable systems, while retaining Chacha20 for systems without such support,” the Halcyon Research Team said in a report shared with The Hacker News.

“Additionally, RSA-4096 with OAEP padding is used to protect the encryption keys, making it impossible to decrypt the files without the attacker’s private key or derived seed values.”


Qilin, also known as Agenda, first came to the attention of the cybersecurity community in July/August 2022, with initial versions written in Golang before the operators switched to Rust.

Group-IB's May 2023 report, written after its researchers infiltrated the group and managed to strike up a conversation with a Qilin recruiter, revealed that the Ransomware-as-a-Service (RaaS) scheme lets affiliates keep 80% to 85% of each ransom payment.

Recent attacks linked to the ransomware operation have also involved stealing credentials stored in Google Chrome browsers on a small set of compromised endpoints, marking a departure from typical double-extortion ransomware attacks.

Samples of Qilin.B analyzed by Halcyon show that it is based on older iterations with additional encryption capabilities and improved operational tactics.

This includes using AES-256-CTR or Chacha20 for encryption, in addition to taking steps to resist analysis and detection by terminating services related to security tools, repeatedly clearing Windows event logs, and deleting itself.

It also includes features to stop processes associated with backup and virtualization services such as Veeam, SQL, and SAP, and to delete volume shadow copies, making recovery more difficult.
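The three pre-encryption behaviours the article attributes to Qilin.B (clearing Windows event logs, stopping backup and database services, and deleting volume shadow copies) are each individually noisy but together form a strong signal. The following is an added detection example, not code from the article, Halcyon or the ransomware itself: it classifies normalised Windows Security/Sysmon events and raises a per-host alert only when several distinct tactics co-occur. The sample events, the field names (`host`, `channel`, `event_id`, `command_line`) and the service-name hints are constructed for the example and would need adapting to a real SIEM schema.

```python
import re

# Constructed sample telemetry (not from the article or Halcyon's report): each
# dict mimics a Windows Security / Sysmon event after SIEM normalisation.
SAMPLE_EVENTS = [
    {"host": "fs01", "channel": "Security", "event_id": 1102, "command_line": ""},
    {"host": "fs01", "channel": "Sysmon", "event_id": 1,
     "command_line": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "fs01", "channel": "Sysmon", "event_id": 1,
     "command_line": "net stop VeeamBackupSvc"},
    {"host": "fs01", "channel": "Sysmon", "event_id": 1,
     "command_line": "sc stop MSSQLSERVER"},
    {"host": "fs01", "channel": "Sysmon", "event_id": 1,
     "command_line": "wevtutil cl Security"},
    {"host": "ws07", "channel": "Sysmon", "event_id": 1,
     "command_line": "notepad.exe C:\\Users\\alice\\notes.txt"},
    {"host": "ws07", "channel": "Sysmon", "event_id": 1,
     "command_line": "net stop Spooler"},
]

# Windows records a cleared log as Security event 1102 or System event 104.
LOG_CLEARED_EVENTS = {("Security", 1102), ("System", 104)}

SHADOW_COPY_DELETE = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I),
]
LOG_CLEAR_CMD = re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b", re.I)
SERVICE_STOP = re.compile(r"^(?:net|sc)(?:\.exe)?\s+stop\s+(\S+)", re.I)
# Substrings that mark a service as backup/database related (the article names
# Veeam, SQL and SAP); this list is an assumption, extend it for your estate.
BACKUP_SERVICE_HINTS = ("veeam", "sql", "sap", "backup")


def classify(event):
    """Return the tactic labels matched by a single event (empty for benign)."""
    labels = []
    if (event["channel"], event["event_id"]) in LOG_CLEARED_EVENTS:
        labels.append("event_log_cleared")
    cmd = event.get("command_line", "").strip()
    if any(p.search(cmd) for p in SHADOW_COPY_DELETE):
        labels.append("shadow_copy_deletion")
    if LOG_CLEAR_CMD.search(cmd):
        labels.append("event_log_cleared")
    m = SERVICE_STOP.match(cmd)
    if m and any(h in m.group(1).lower() for h in BACKUP_SERVICE_HINTS):
        labels.append("backup_service_stopped")
    return labels


def correlate(events, min_distinct=2):
    """Group labels per host; alert when a host shows several distinct tactics.

    A single stopped service or cleared log is routine admin noise; the
    combination described for Qilin.B is not. Time windowing is omitted here
    for brevity (a production rule would bound the correlation to a window).
    """
    summary = {}
    for ev in events:
        entry = summary.setdefault(ev["host"], {"labels": set(), "alert": False})
        entry["labels"].update(classify(ev))
    for entry in summary.values():
        entry["alert"] = len(entry["labels"]) >= min_distinct
    return summary


if __name__ == "__main__":
    for host, entry in correlate(SAMPLE_EVENTS).items():
        flag = "ALERT" if entry["alert"] else "ok"
        print(f"{host}: {flag} {sorted(entry['labels'])}")
```

Run as a script it flags `fs01` (three distinct tactics) and leaves `ws07` alone, even though `ws07` stopped a service: the correlation threshold, not any single signature, is what separates the ransomware pattern from day-to-day administration.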

“Qilin.B’s combination of advanced encryption mechanisms, effective defense evasion tactics, and persistent failures of backup systems makes Qilin.B a particularly dangerous ransomware variant,” Halcyon said.

The pernicious and persistent nature of the ransomware threat is evidenced by the constantly evolving tactics of ransomware groups.

A case in point is the discovery of a new Rust-based toolkit used to deliver Embargo ransomware, which launches the payload only after terminating the Endpoint Detection and Response (EDR) solutions installed on the host using the Bring Your Own Vulnerable Driver (BYOVD) technique.

The EDR killer has been codenamed MS4Killer by ESET because of its similarity to the open-source s4killer tool, and the ransomware is launched by a malicious loader called MDeployer.


“MDeployer is the main malicious loader that Embargo tries to deploy on machines in a compromised network – it facilitates the rest of the attack, which leads to the execution of ransomware and file encryption,” researchers Jan Holman and Tomáš Zvara said. “MS4Killer is expected to run indefinitely.”

“Both MDeployer and MS4Killer are written in Rust. The same is true for the ransomware payload, assuming Rust is the primary language for the group’s developers.”

According to data shared by Microsoft, 389 U.S. healthcare facilities were hit by ransomware attacks this fiscal year, costing them up to $900,000 a day in downtime. Some of the ransomware groups known to strike hospitals include Lace Tempest, Sangria Tempest, Cadenza Tempest, and Vanilla Tempest.

“Of the 99 healthcare organizations that admitted to paying the ransom and disclosed the ransom paid, the median payment was $1.5 million and the median payment was $4.4 million,” the tech giant said.
