Multiple ransomware gangs utilize the Shanya packer-as-a-service platform to obfuscate malicious payloads and disable endpoint detection solutions. Sophos's analysis reveals how Shanya compounds its effectiveness by encrypting payloads in memory and disrupting security tools in targeted regions. #Shanya #Medusa #Crytox #Akira #endpointdetection
Key points
- Shanya is a packer service used by multiple ransomware groups to mask payloads and evade detection.
- The platform encrypts and compresses malicious payloads, inserting them into Windows DLL files in memory.
- Ransomware gangs disable endpoint detection and response tools by dropping specially crafted drivers.
- Shanya's technique involves deploying unique, encrypted payloads that are difficult to analyze or detect automatically.
- Sophos identified ongoing campaigns using Shanya to package malware like CastleRAT alongside ransomware operations.