Prinz Eugen is a newly observed Go-based ransomware family that uses recursive encryption, ChaCha20-Poly1305, and aggressive file targeting while avoiding ransom notes and deleting itself to hinder analysis. The campaign has been linked to Standard Bank Group and other victims, with infrastructure and attribution trails pointing to ROOTBOY, the German-themed operator behind the extortion activity. #PrinzEugen #StandardBankGroup #ROOTBOY #RemotePC #germania
Key points
- Prinz Eugen is a new ransomware family written in Go.
- It encrypts files recursively and targets recently modified files first.
- The encryptor uses ChaCha20-Poly1305 with integrity checks and custom file headers.
- It leaves no ransom note and self-deletes to reduce forensic traces.
- Activity and infrastructure point to ROOTBOY and the Standard Bank Group campaign.
Read More: https://www.threatdown.com/blog/prinz-eugen-ransomware-a-deep-dive-into-a-new-go-based-encryptor/