Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments
Security News, June 2020
A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing-based campaign is low volume and has so far targeted the pharmaceutical, legal, financial, business service, retail, and healthcare sectors.
In this campaign, when GuLoader runs, it downloads and executes Hakbit, a known ransomware that encrypts files using AES-256.
Hakbit is believed to be linked to the Thanos ransomware. In a recent analysis of the Thanos ransomware, Recorded Future researchers assessed "with high confidence" that ransomware samples tracked as Hakbit are built using the Thanos ransomware builder developed by Nosophoros.
Regardless, researchers say that the campaign is indicative of several "consistent" low-volume and often boutique ransomware campaigns that have hit victims since January 2020.
"Hakbit exemplifies a people-centric ransomware campaign tailored to a specific audience, role, organization, and in the user's native language."