An emerging ransomware-as-a-service platform called ShinySp1d3r is being developed by threat actors linked to the ShinyHunters and Scattered Spider groups, aiming to enhance their extortion operations. This new ransomware features advanced encryption and anti-analysis measures, with plans for cross-platform versions and a "lightning" variant, threatening various sectors worldwide. #ShinyHunters #ScatteredSpider
Keypoints
- The ShinySp1d3r RaaS is created from scratch by the ShinyHunters group.
- The ransomware encrypts files using ChaCha20 with RSA-2048, adding unique extensions and headers.
- It includes features like process killing, shadow copy deletion, and network propagation.
- The ransom note details a three-day window for negotiation and instructs victims to contact via a TOR link.
- Future versions of ShinySp1d3r are planned for Linux and ESXi, along with a faster "lightning" ASM version.