• About
  • Advertise
  • Careers
  • Contact
Monday, March 20, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Experts warn of a new strain of ransomware, the PXJ Ransomware

by Cyber360 News
March 16, 2020
in Security
0
Experts warn of a new strain of ransomware, the PXJ Ransomware
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families.

Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families.

While PXJ performs typical ransomware functions, it does not appear to share the same underlying code with most known ransomware families.

The PXJ ransomware first appeared in the threat landscape in early 2020, it supports functions similar to other ransomware families. The experts spotted the ransomware for the first time on February 29, when two samples that were uploaded to VirusTotal.

The name PXJ ransomware comes from the file extension that it appends to encrypted files. The malware is also known as XVFXGW, a name that derived from both the the malware creates, “XVFXGW DOUBLE SET,” and the email addresses included in the ransom note (“[email protected]” and “[email protected]”).

“This code has emerged in the wild in early 2020, and while it performs functions common to most ransomware, it does not appear to share underlying code with known ransomware families.” reads the analysis post by IBM X-Force.

Only one of the two samples analyzed by the researchers was packed using the open-source executable packer UPX.

At the time, experts have yet to determine the initial infection vector of the ransomware. Like other ransomware families, PXJ ransomware begins by disabling the user’s ability to recover any files from deleted stores and shadow copies.

Then the malware starts encrypting the victims’ files, it is able to target photos and images, databases, documents, videos, and other files.

The PXJ ransomware uses both AES and RSA algorithms to encrypt the data, the technique is common to other threats.

“Many ransomware codes begin by encrypting files with the AES algorithm, a symmetric cipher, because it can encrypt files faster, helping finish the task before the malicious process can be interrupted,” continues the analysis. “The AES key is then encrypted with the stronger asymmetric key, in this case, the RSA crypto-system.”

Once the encryption process is concluded, the ransomware will drop the ransom note into a file (called “LOOK.txt”), which instructs the victim to contact the attacker via email to receive information on the procedure to pay the ransom (in Bitcoin).

If victims do not pay, the ransom amount will double every day after the first three days, the attackers also threaten the victims that after a week, the decryption key will be destroyed, making it impossible to recover the encrypted files.

The two samples analyzed by the experts differ in the use of network communication that is present only in one sample. The network connection allows operators to determine if a machine was infected before it will be contacted by the victims.

Experts noticed that the URLs in one of the samples contained a sort of traffic check parameter called “token” with a Base-64 encoded value. 

“Our hypothesis is that this may be some sort of traffic check given the lack of payload and the presence of multiple GET requests that include timestamps; however, this has not yet been confirmed. No additional payload appears to be included in the GET request sent to these URLs and the remote server simply returns “0” in response.” continues the analysis.

Technical details about the PXJ Ransomware, including Indicators of Compromise (IoCs), are reported in the analysis published by IBM X-Force.

Pierluigi Paganini

(SecurityAffairs – hacking, PXJ ransomware)



Share On


Cyber360 News

Cyber360 News

Next Post
Cookiethief Malware Targets Android Devices To Steal Cookies

Cookiethief Malware Targets Android Devices To Steal Cookies

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In