
Emergence of new Yashma Ransomware variant highlights ongoing threat


A recent surge in ransomware attacks has once again brought cyber threats into the spotlight, with an unknown threat actor using a new variant of the Yashma ransomware to target entities across English-speaking countries, Bulgaria, China, and Vietnam. Cisco Talos, a leading cybersecurity research team, has released a report assessing that the operation is likely run by an adversary with ties to Vietnam.

Security researcher Chetan Raghuprasad described an unusual technique the attacker uses to deliver the ransom note. Instead of embedding the note directly in the binary, the ransomware executes an embedded batch file that retrieves the note from a GitHub repository the attacker controls.
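The behaviour above is visible in process telemetry as a short lineage: the ransomware spawns cmd.exe on a batch file, and that batch file spawns a download from GitHub. The following is an added detection example written for this page; it is not code from Talos, the article, or the Yashma sample. The Sysmon-style event records, the field names, the use of curl.exe as the downloader and the GitHub URL are all constructed assumptions for illustration, not details reported for Yashma.

```python
"""Flag a batch-file-mediated download from GitHub in process-creation telemetry.

Added example for this page (not Talos or article code). The event schema,
sample events, downloader binary and URL are constructed assumptions.
"""
import re

# Constructed Sysmon-style process-creation events (one dict per process).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    # Hypothetical dropped ransomware binary (name is an assumption).
    {"pid": 200, "ppid": 100, "image": r"C:\Users\victim\Downloads\invoice.exe",
     "cmdline": "invoice.exe"},
    # The embedded batch file being run via cmd.exe.
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "C:\Users\victim\AppData\Local\Temp\note.bat"'},
    # The batch file fetching the note from an attacker-controlled repo (assumed tool/URL).
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\curl.exe",
     "cmdline": "curl.exe -s -o read_it.txt "
                "https://raw.githubusercontent.com/example-attacker/notes/main/read_it.txt"},
    # Benign control: a developer cloning from GitHub with no batch file in the chain.
    {"pid": 500, "ppid": 100, "image": r"C:\Program Files\Git\bin\git.exe",
     "cmdline": "git.exe clone https://github.com/example-org/tool.git"},
]

GITHUB_RE = re.compile(
    r"https?://(raw\.githubusercontent\.com|github\.com|gist\.github\.com)/", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
BATCH_RE = re.compile(r"\.(bat|cmd)\b", re.I)
# Built-in or commonly abused download utilities (not an exhaustive list).
DOWNLOADERS = {"curl.exe", "powershell.exe", "pwsh.exe", "certutil.exe", "bitsadmin.exe"}


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_github_note_fetches(events):
    """Return one hit per downloader whose parent is cmd.exe running a .bat/.cmd
    file and whose command line targets GitHub. Each hit records the downloader
    pid, the batch command line, the fetched URL and the grandparent image
    (the process that launched the batch file)."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) not in DOWNLOADERS:
            continue
        if not GITHUB_RE.search(e["cmdline"]):
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) != "cmd.exe":
            continue
        if not BATCH_RE.search(parent["cmdline"]):
            continue
        grandparent = by_pid.get(parent["ppid"])
        hits.append({
            "downloader_pid": e["pid"],
            "batch_cmdline": parent["cmdline"],
            "url": URL_RE.search(e["cmdline"]).group(0),
            "origin_image": grandparent["image"] if grandparent else None,
        })
    return hits


if __name__ == "__main__":
    for hit in find_github_note_fetches(SAMPLE_EVENTS):
        print(f"pid {hit['downloader_pid']} fetched {hit['url']} "
              f"via batch file launched by {hit['origin_image']}")
```

The lineage check is what keeps the rule useful: a plain "process contacted GitHub" rule would fire on every developer workstation, whereas cmd.exe running a .bat file that immediately launches a downloader against a GitHub URL is rare in normal use and worth an alert, with the grandparent image giving the analyst the likely dropper to pull for analysis.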

Yashma ransomware, first identified by BlackBerry’s research and intelligence team in May 2022, represents a rebranded version of the Chaos ransomware. It’s worth noting that the builder for Chaos ransomware was leaked in the wild a month before Yashma emerged.

Notably, the ransom note used in this attack resembles the infamous WannaCry ransom note, a choice that may be intended to obscure the true identity of the threat actor and complicate attribution. The note provides a wallet address for payment but does not specify the amount demanded.

These developments come in the midst of an escalating wave of ransomware attacks. Malwarebytes, a prominent cybersecurity company, reported nearly 1,900 incidents over the past year across the U.S., Germany, France, and the U.K. This increase has been partly fueled by the rise of the Cl0p group, which exploits zero-day vulnerabilities to intensify its attacks.

Akamai’s research findings echo this trend, revealing a staggering 143% surge in ransomware victims during Q1 2023 compared to the same period the previous year. The Cl0p ransomware group’s relentless pursuit of zero-day vulnerabilities has led to a ninefold increase in victims year over year.

Trend Micro’s recent disclosure further highlights the evolving nature of the threat landscape. An attack by the TargetCompany group used an obfuscation engine named BatCloak, described as undetectable, to infect vulnerable systems with remote access trojans such as Remcos RAT and maintain a stealthy presence within targeted networks.

As threat actors continue to refine their tactics and techniques, we remain dedicated to providing timely updates on emerging cyber threats and trends, so that readers can stay well-informed and vigilant in the ever-changing realm of cybersecurity.
