Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
2021-03-02 07:04

SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.

"While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the two ransomware to the same author," Intezer Lab researcher Joakim Kennedy said in a malware analysis published today revealing the attackers' tactics on the dark web.

The ransomware has since been tracked to a Russian cybercrime group referred to as "FullOfDeep." Intezer shut down as many as 15 ransomware campaigns using the QNAPCrypt variant, and prevented future infections, with denial-of-service attacks targeting a list of static bitcoin wallets that were created for the express purpose of accepting ransom payments from victims.

Although the two ransomware families have directed their attacks against different operating systems, SunCrypt's connections to other ransomware groups have previously been the subject of speculation.

Taking into account the overlaps and the behavioral differences between the two groups, Intezer suspects that "The eCh0raix ransomware was transferred to and upgraded by the SunCrypt operators."

"While the technical based evidence strongly provides a link between QNAPCrypt and the earlier version of SunCrypt, it is clear that both ransomware are operated by different individuals," the researchers concluded.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/wqA_koAWeP8/researchers-unearth-links-between.html