Adaptive RedAlert, Monster ransomwares go cross-platform

August 25, 2022

The developers of two newly emergent ransomware families, RedAlert and Monster, are using novel techniques to spread their attacks as widely as possible by exploiting multiple different operating systems (OSes) at the same time, according to research shared by cyber giant Kaspersky.

The use of multi-platform ransomwares is nothing new as such. Indeed, Kaspersky said it has been witnessing their “prolific use” this year.

The aim of such ransomwares is to be able to damage as many systems as possible by adapting their code to several OSes at once.

However, whereas other cross-platform ransomwares, such as Luna or BlackCat, use multiplatform languages such as Rust or Go/Golang, RedAlert and Monster are not written in a cross-platform language but retain the ability to target various OSes simultaneously.

“We’ve got quite used to the ransomware groups deploying malware written in cross-platform language,” said Jornt van der Wiel, a senior security researcher on Kaspersky’s Global Research and Analysis Team (GReAT). “However, these days, cyber criminals learned to adjust their malicious code written in plain programming languages for joint attacks – making security specialists elaborate on ways to detect and prevent the ransomware attempts.”

RedAlert – which is also known as N13V – is coded in plain old C, or at least the Linux-targeting version Kaspersky dissected was, and explicitly targets both Windows and Linux-based VMware ESXi servers. It incorporates command line options that let its controllers seek out and shut off any running virtual machines (VMs) before encrypting files associated with ESXi VMs.

Its dark web site offers a decryptor for download that the group claims is available for all platforms, although Kaspersky has not been able to verify whether the decryptor is written in a cross-platform language. RedAlert otherwise uses fairly standard double extortion tactics.

A further noteworthy – albeit unrelated – point is that RedAlert only accepts ransom payments in the Monero cryptocurrency, which is not accepted in every country or by every exchange, making payments harder for the victim.

“Since the group is relatively young, we couldn’t find out a lot about the victimology, but RedAlert stands out as an interesting example of a group that managed to adjust their code written in C to different platforms,” the researchers said.

The Monster ransomware – first detected in July 2022 by Kaspersky’s Darknet monitoring system – is written in the general-purpose Delphi language that expands on different systems. However, this ransomware stands out because it includes a graphical user interface (GUI), a component that no other known ransomware crew has implemented before.

Kaspersky admitted this feature was something of a puzzle to them. “This latter property is especially peculiar, as we do not remember seeing this before,” it said. “There are good reasons for this, because why would one go through the effort of implementing this when most ransomware attacks are executed using the command line in an automated way during a targeted attack?

“The ransomware authors must have realised this as well, since they included the GUI as an optional command-line parameter.”

More information on both these ransomwares, including various screenshots, as well as additional intelligence on the vulnerabilities used in their attacks, is available from Kaspersky.
