Huntress analysts discovered a new ransomware variant called “Obscura” that infects network domain controllers and spreads automatically through shared folders. The malware uses advanced cryptography and sophisticated process termination techniques to maximize damage and evade detection. #Obscura #GoBinary
Key points
- Obscura is a recently identified ransomware variant with no known public references.
- The malware is deployed via shared NETLOGON folders and scheduled tasks within infected networks.
- It requires administrative privileges to disable system recovery features and terminate security processes.
- Obscura uses elliptic-curve cryptography and ChaCha20 encryption to lock files selectively based on size.
- Monitoring domain controllers and suspicious file modifications is crucial for early detection.
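The two deployment behaviours the summary names, a payload staged in a domain controller's NETLOGON share and a scheduled task created on a domain controller, are both visible in Windows Security auditing. The following is an added example of triage logic over constructed event records; it is not code from Huntress, BleepingComputer or the Obscura analysis. Event IDs 4663 (object access) and 4698 (scheduled task created) are real Windows IDs, but the flattened JSON-like field names, the host names, the paths and the events themselves are constructed for the example.

```python
"""Flag two behaviours from the Obscura summary in normalised Windows Security events:
(1) an executable written into the NETLOGON share (SYSVOL ...\\scripts on the DC), and
(2) a scheduled task created on a domain controller.
Added example with constructed events, not taken from the article."""
import re
from typing import Dict, Iterable, List, Set, Tuple

# Constructed: hosts the defender knows to be domain controllers.
DOMAIN_CONTROLLERS: Set[str] = {"DC01", "DC02"}

# Real Windows Security event IDs (the summary does not cite them).
EVT_OBJECT_ACCESS = 4663   # "An attempt was made to access an object"
EVT_TASK_CREATED = 4698    # "A scheduled task was created"

# Bit in the 4663 AccessMask meaning WriteData/AddFile.
WRITE_DATA = 0x2

# The NETLOGON share is backed by SYSVOL\<domain>\scripts on the controller;
# match either the share name in a UNC path or the local SYSVOL directory.
NETLOGON_PATH = re.compile(r"(\\NETLOGON\\|\\SYSVOL\\[^\\]+\\scripts\\)", re.IGNORECASE)
EXEC_EXT = re.compile(r"\.(exe|dll|bat|cmd|ps1|vbs)$", re.IGNORECASE)

# Constructed sample events; field names assume a SIEM that flattens the
# Windows XML into these keys (assumption, not a product schema).
SAMPLE_EVENTS: List[Dict] = [
    {"event_id": 4663, "host": "DC01", "subject": "CORP\\svc_backup",
     "object_name": r"C:\Windows\SYSVOL\sysvol\corp.example\scripts\logon.bat",
     "access_mask": 0x1},                                   # read only: benign
    {"event_id": 4663, "host": "DC01", "subject": "CORP\\jdoe",
     "object_name": r"C:\Windows\SYSVOL\sysvol\corp.example\scripts\update.exe",
     "access_mask": 0x2},                                   # new exe in NETLOGON
    {"event_id": 4698, "host": "WS17", "subject": "CORP\\jdoe",
     "task_name": r"\Microsoft\Windows\Defrag\ScheduledDefrag"},  # workstation: ignore
    {"event_id": 4698, "host": "DC02", "subject": "CORP\\jdoe",
     "task_name": r"\update"},                              # task created on a DC
]


def is_netlogon_exec_write(ev: Dict) -> bool:
    """True for a 4663 event that writes an executable under NETLOGON/SYSVOL scripts."""
    if ev.get("event_id") != EVT_OBJECT_ACCESS:
        return False
    path = ev.get("object_name", "")
    written = (ev.get("access_mask", 0) & WRITE_DATA) != 0
    return written and bool(NETLOGON_PATH.search(path)) and bool(EXEC_EXT.search(path))


def is_dc_task_creation(ev: Dict, dcs: Set[str] = DOMAIN_CONTROLLERS) -> bool:
    """True for a 4698 event raised on a host in the domain-controller set."""
    return ev.get("event_id") == EVT_TASK_CREATED and ev.get("host", "").upper() in dcs


def triage(events: Iterable[Dict], dcs: Set[str] = DOMAIN_CONTROLLERS) -> List[Tuple[str, str, str]]:
    """Return (rule, host, detail) tuples for every event that matches a rule."""
    alerts: List[Tuple[str, str, str]] = []
    for ev in events:
        if is_netlogon_exec_write(ev):
            alerts.append(("netlogon_exec_write", ev["host"], ev["object_name"]))
        if is_dc_task_creation(ev, dcs):
            alerts.append(("dc_task_created", ev["host"], ev["task_name"]))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:20s} {host:6s} {detail}")
```

Both rules depend on auditing that is off by default: 4663 only appears where a SACL on the SYSVOL scripts directory audits write access, and 4698 requires the "Other Object Access Events" audit subcategory. A scheduled task on a domain controller is not itself malicious, so the second rule is a triage signal to review against change records rather than an alert to act on blindly.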
Read More: https://www.bleepingcomputer.com/news/security/obscura-an-obscure-new-ransomware-variant/