Boramae Ransomware is a newly discovered strain aimed at Windows systems, known for its effective encryption and evasion tactics. The ransomware not only encrypts files but also leaves ransom notes that demand payment and threaten the victim. These findings emphasize the need for robust cybersecurity measures and incident response strategies.
Affected: Windows systems
Keypoints:
- Boramae Ransomware targets Windows operating systems.
- It encrypts files and appends the “.boramae” extension to them.
- A ransom note titled “README.txt” is left for victims with payment instructions.
- Attackers threaten to leak sensitive data if the ransom is not paid.
- Victims are warned against using data recovery firms and are promised a discount if they pay promptly.
- The ransomware implements advanced evasion techniques for persistent infiltration.
- Cybersecurity defenses and incident response strategies are crucial for mitigation.
MITRE Techniques:
- Execution (T1047) – Uses Windows Management Instrumentation for executing commands.
- Execution (T1059) – Utilizes command and scripting interpreters for payload delivery.
- Execution (T1129) – Leverages shared modules for executing malicious code.
- Persistence (T1542) – Uses pre-OS boot mechanisms to maintain persistence.
- Persistence (T1547.001) – Employs Registry Run Keys/Startup Folder for autorun functionality.
- Credential Access (T1003) – Conducts OS credential dumping for obtaining user credentials.
- Credential Access (T1056) – Implements keylogging methods for capturing sensitive information.
- Impact (T1485) – Engages in data destruction as a consequence of the attack.
- Impact (T1486) – Encrypts data for impact to extort ransoms from victims.
Indicators of Compromise:
- [Hash] SHA-256: 5bd8f9cbd108abc53fb1c44b8d10239a2a0a9dd20c698fd2fb5dc1938ae7ba96
- [File] README.txt – The ransom note left by the attackers.
- [File Extension] .boramae – The extension added to encrypted files.
- [Target Technology] Windows – Specific operating system targeted by the ransomware.
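As an added defender-side example (not code from this page or from CYFIRMA), the following Python walks a directory tree for the three indicators listed above: the .boramae extension, the README.txt ransom note, and the published SHA-256. The directory tree it builds is constructed here purely for demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 of the Boramae sample from the page's IoC list.
BORAMAE_SHA256 = "5bd8f9cbd108abc53fb1c44b8d10239a2a0a9dd20c698fd2fb5dc1938ae7ba96"
ENCRYPTED_EXT = ".boramae"
RANSOM_NOTE = "README.txt"

def sha256_of(path: Path) -> str:
    # Hash in chunks so large files do not have to fit in memory.
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_for_boramae(root: str) -> dict:
    """Collect the page's three indicators under `root`. A README.txt alone is a
    weak signal (common name), so also report dirs with a note AND an encrypted file."""
    encrypted, notes, hash_hits = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(str(p))
            elif name == RANSOM_NOTE:
                notes.append(str(p))
            if sha256_of(p) == BORAMAE_SHA256:
                hash_hits.append(str(p))
    note_dirs = {str(Path(n).parent) for n in notes}
    enc_dirs = {str(Path(e).parent) for e in encrypted}
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "hash_hits": sorted(hash_hits),
        "corroborated_dirs": sorted(note_dirs & enc_dirs),
    }

def build_constructed_sample() -> str:
    # Constructed directory tree mimicking a hit share; not real victim data.
    root = tempfile.mkdtemp(prefix="boramae_demo_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "budget.xlsx.boramae").write_bytes(b"\x00" * 64)
    (docs / RANSOM_NOTE).write_text("constructed ransom note text")
    (Path(root) / "clean.txt").write_text("nothing to see here")
    return root
```

A hash match identifies the dropped binary itself; the extension and note together identify hosts or shares where encryption has already run, which is the signal to isolate first.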
Full Story: https://www.cyfirma.com/research/boramae-ransomware/