Dridex Malware Deploying Entropy Ransomware on Hacked Computers
2022-02-25 05:40

Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators behind Dridex are continuing to rebrand their extortion operations.

"The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands, and in the subroutines used to decrypt encrypted text," cybersecurity firm Sophos said in a report shared with The Hacker News.

Despite these shared components, the two attacks differed significantly in the initial access vector used to get into the networks, the dwell time in each environment, and the malware used to launch the final phase of the intrusion.

In the first of the two intrusions, the adversary is said to have spent four months on reconnaissance and data theft before deploying the ransomware in early December 2021.

The second attack, on a regional government organization, was instead facilitated by a malicious email attachment carrying Dridex, which was then used to deploy additional payloads for lateral movement.

Beyond the use of legitimate tools such as AdFind, PsExec, and PsKill in both attacks, the overlaps between the Dridex and Entropy samples and earlier DoppelPaymer ransomware infections have raised the possibility of a "common origin."


News URL

https://thehackernews.com/2022/02/dridex-malware-deploying-entropy.html