
Security researchers detect new ransomware named HavanaCrypt posing as a fake Google Software Update

Trend Micro Inc., a Japanese multinational cyber security company, has identified a new ransomware family that poses as a fake Google Software Update application. Trend Micro's researchers named the ransomware HavanaCrypt. It performs anti-virtualization checks so that it does not run, and therefore is not observed, inside analysis sandboxes and virtual machines, and it uses an IP address belonging to a Microsoft web hosting service as its command-and-control (C&C) server, from which it fetches the files and commands it needs on the infected device.

Security researchers say that the sample's .NET namespaces, types, functions and variables carry the names used by an open-source password manager, whose code the ransomware borrows for its encryption routine. The binary is compiled in .NET and protected with Obfuscar, an open-source .NET obfuscator, to make the compiled code harder to read. The malware then adds an AutoRun registry entry named after Google Update so that it is started again after every reboot. After that, it begins its anti-virtualization routine: it first checks the services present on the device for those that belong to virtual machine tools, and then checks for files that such virtualization software leaves on the system.

The malware downloads a file named "2.txt" from the Microsoft web hosting service IP address, saves it as a .bat file and executes it. The batch file configures Windows Defender so that it does not detect the malware. Once it is running on the victim's device it terminates a list of running processes, deletes all shadow copies, and disables the Task Manager. Deleting the shadow copies removes the easiest local way to roll files back, so only backups kept off the host remain as a recovery path.
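The behaviours described above (a Run-key entry disguised as Google Update, a batch file executed from the user profile, Windows Defender being neutralized, shadow copies deleted, Task Manager disabled) all leave host telemetry that a detection engineer can match on. The following Python is added here as an example; it is not code from Trend Micro's report or from the malware. It runs a handful of rules over a few constructed process-creation and registry events modelled loosely on Sysmon. It assumes the batch file disables Defender scanning by adding an exclusion through Add-MpPreference (the article does not say how the batch file achieves this), and it treats a Run-key value named GoogleUpdate as suspicious only when it points outside Google's own program directory, so the legitimate updater is not flagged. Event ids, paths, rule names and the chain threshold are all invented for the example.

```python
import re
from typing import Dict, List

# Constructed telemetry, loosely modelled on Sysmon process-creation and
# registry value-set events.  Every line here is invented for this example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"id": "e1", "type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoogleUpdate",
     "data": r"C:\Users\alice\AppData\Roaming\GoogleUpdate.exe"},
    {"id": "e2", "type": "process",
     "cmdline": r'cmd.exe /c "C:\Users\alice\AppData\Local\Temp\2.bat"'},
    {"id": "e3", "type": "process",
     "cmdline": r"powershell -Command Add-MpPreference -ExclusionPath C:\Users\alice\AppData"},
    {"id": "e4", "type": "process",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"id": "e5", "type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "data": "DWORD (0x00000001)"},
    # Benign noise: the real Google updater persists from Program Files.
    {"id": "e6", "type": "registry_set",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GoogleUpdate",
     "data": r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"},
    {"id": "e7", "type": "process", "cmdline": "cmd.exe /c dir"},
]

# Rule patterns, written for this example (hypothetical, tune for your fleet).
RUN_KEY_GOOGLEUPDATE = re.compile(r"\\CurrentVersion\\Run\\GoogleUpdate$", re.I)
GOOGLE_PROGRAM_DIR = re.compile(r'^"?[a-z]:\\Program Files( \(x86\))?\\Google\\', re.I)
SHADOW_COPY_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
DISABLE_TASKMGR = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I)
# Assumption: the batch file neutralizes Defender by adding an exclusion.
DEFENDER_EXCLUSION = re.compile(r"Add-MpPreference\s+-Exclusion(Path|Process|Extension)", re.I)
BATCH_FROM_USER_PROFILE = re.compile(r'cmd(\.exe)?\s+/c\s+"?[a-z]:\\Users\\[^"]*\.bat\b', re.I)


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the names of every rule a single event matches."""
    hits: List[str] = []
    if event["type"] == "registry_set":
        key, data = event["key"], event["data"]
        # Persistence disguised as Google Update: flag unless the value
        # points at Google's own install directory (assumed benign location).
        if RUN_KEY_GOOGLEUPDATE.search(key) and not GOOGLE_PROGRAM_DIR.match(data):
            hits.append("run_key_googleupdate_outside_google_dir")
        if DISABLE_TASKMGR.search(key) and "0x00000001" in data:
            hits.append("task_manager_disabled")
    elif event["type"] == "process":
        cmdline = event["cmdline"]
        if SHADOW_COPY_DELETE.search(cmdline):
            hits.append("shadow_copy_deletion")
        if DEFENDER_EXCLUSION.search(cmdline):
            hits.append("defender_exclusion_added")
        if BATCH_FROM_USER_PROFILE.search(cmdline):
            hits.append("batch_file_run_from_user_profile")
    return hits


def detect(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map event id -> matched rules, keeping only events that matched."""
    results: Dict[str, List[str]] = {}
    for event in events:
        hits = evaluate(event)
        if hits:
            results[event["id"]] = hits
    return results


# Any single rule can fire on legitimate admin work (vssadmin during backup
# maintenance, a Defender exclusion added by IT); the chain is what matters.
CHAIN_THRESHOLD = 3


def triage(events: List[Dict[str, str]]) -> Dict[str, object]:
    """Summarise matches and decide whether the host shows a ransomware
    pre-encryption chain (persistence + defence evasion + backup destruction)
    rather than one isolated action."""
    hits = detect(events)
    techniques = sorted({rule for rules in hits.values() for rule in rules})
    verdict = "ransomware_chain" if len(techniques) >= CHAIN_THRESHOLD else "isolated_activity"
    return {"matched_events": sorted(hits), "techniques": techniques, "verdict": verdict}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

Each rule on its own will produce false positives on a real fleet, which is why the verdict is built from the number of distinct techniques seen on one host rather than from any single match; in production the same events would be grouped per host and per time window before scoring.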

HavanaCrypt generates a unique identifier (UID) for the victim machine from the system's processor core count and processor ID, processor name, socket, motherboard manufacturer name, BIOS version, and product number.

The ransomware reuses code from KeePass Password Safe, a free and open-source password manager, to generate the random key material it uses for encryption. It then writes a text file that lists the files it has encrypted. It does not drop a ransom note, however.

According to Trend Micro's researchers, "HavanaCrypt is still in its developmental phase", and it is important for security teams and vendors to detect and block it before it evolves, collects more data, and infects more devices.
