
Hello XD ransomware now drops a backdoor while encrypting
2022-06-12 14:11

Researchers at Palo Alto Networks' Unit 42 report increased activity by the Hello XD ransomware, whose operators are now deploying an upgraded sample with a changed, stronger encryption scheme.

The Hello XD operation does not currently run a Tor payment site; instead, its ransom note tells victims to open negotiations directly over the Tox encrypted chat service.

Besides the ransomware payload, Unit 42 also observed the Hello XD operators dropping an open-source backdoor, MicroBackdoor, which lets them browse the compromised system, exfiltrate files, execute commands, and remove traces of their activity.

The most interesting change in the second major version of Hello XD is the encryption scheme: the symmetric stream cipher was switched from a modified HC-128 to the Rabbit cipher, while Curve25519-Donna remains in use for the asymmetric part of the scheme.
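
The following is an added reference implementation of the Rabbit stream cipher as specified in RFC 4503; it is not code from the Hello XD sample or from Unit 42. An analyst who suspects Rabbit in a binary can confirm it by spotting the counter constants (0x4D34D34D, 0xD34D34D3, 0x34D34D34) and by comparing keystream produced from a recovered key and IV against this implementation. The Curve25519-Donna key exchange mentioned above is not shown, and the key, IV and plaintext in the demo are constructed for illustration.

```python
"""Rabbit stream cipher (RFC 4503) in pure Python, added as an example."""

# Counter-system constants A0..A7 (RFC 4503 section 2.5); a useful static signature
_A = (0x4D34D34D, 0xD34D34D3, 0x34D34D34, 0x4D34D34D,
      0xD34D34D3, 0x34D34D34, 0x4D34D34D, 0xD34D34D3)
_M32 = 0xFFFFFFFF


def _rotl32(v, n):
    return ((v << n) | (v >> (32 - n))) & _M32


def _g(u):
    """g-function: square the 32-bit input and XOR the two halves of the 64-bit result."""
    sq = (u & _M32) * (u & _M32)
    return (sq ^ (sq >> 32)) & _M32


class Rabbit:
    def __init__(self, key, iv=b""):
        if len(key) != 16:
            raise ValueError("Rabbit takes a 128-bit key")
        # Eight 16-bit subkeys, little-endian (RFC 4503 section 2.3)
        k = [int.from_bytes(key[2 * i:2 * i + 2], "little") for i in range(8)]
        self.x, self.c, self.carry = [0] * 8, [0] * 8, 0
        for j in range(8):
            if j % 2 == 0:
                self.x[j] = (k[(j + 1) % 8] << 16) | k[j]
                self.c[j] = (k[(j + 4) % 8] << 16) | k[(j + 5) % 8]
            else:
                self.x[j] = (k[(j + 5) % 8] << 16) | k[(j + 4) % 8]
                self.c[j] = (k[(j + 1) % 8] << 16) | k[j]
        for _ in range(4):
            self._next_state()
        for j in range(8):                      # counter re-initialisation
            self.c[j] ^= self.x[(j + 4) % 8]
        if iv:
            self._iv_setup(iv)
        self._pending = b""

    def _iv_setup(self, iv):
        """Optional 64-bit IV setup (RFC 4503 section 2.4)."""
        if len(iv) != 8:
            raise ValueError("Rabbit IV is 64 bits")
        i0 = int.from_bytes(iv[0:4], "little")
        i2 = int.from_bytes(iv[4:8], "little")
        i1 = (i0 >> 16) | (i2 & 0xFFFF0000)
        i3 = ((i2 << 16) & _M32) | (i0 & 0xFFFF)
        for j, v in enumerate((i0, i1, i2, i3, i0, i1, i2, i3)):
            self.c[j] ^= v
        for _ in range(4):
            self._next_state()

    def _next_state(self):
        for j in range(8):                      # counter update, carry chains across calls
            t = self.c[j] + _A[j] + self.carry
            self.carry, self.c[j] = t >> 32, t & _M32
        g = [_g((self.x[j] + self.c[j]) & _M32) for j in range(8)]
        x = self.x
        x[0] = (g[0] + _rotl32(g[7], 16) + _rotl32(g[6], 16)) & _M32
        x[1] = (g[1] + _rotl32(g[0], 8) + g[7]) & _M32
        x[2] = (g[2] + _rotl32(g[1], 16) + _rotl32(g[0], 16)) & _M32
        x[3] = (g[3] + _rotl32(g[2], 8) + g[1]) & _M32
        x[4] = (g[4] + _rotl32(g[3], 16) + _rotl32(g[2], 16)) & _M32
        x[5] = (g[5] + _rotl32(g[4], 8) + g[3]) & _M32
        x[6] = (g[6] + _rotl32(g[5], 16) + _rotl32(g[4], 16)) & _M32
        x[7] = (g[7] + _rotl32(g[6], 8) + g[5]) & _M32

    def _block(self):
        """One iteration yields 128 keystream bits (RFC 4503 section 2.7)."""
        self._next_state()
        x = self.x
        s = (x[0] ^ (x[5] >> 16) ^ ((x[3] << 16) & _M32),
             x[2] ^ (x[7] >> 16) ^ ((x[5] << 16) & _M32),
             x[4] ^ (x[1] >> 16) ^ ((x[7] << 16) & _M32),
             x[6] ^ (x[3] >> 16) ^ ((x[1] << 16) & _M32))
        return b"".join(w.to_bytes(4, "little") for w in s)

    def keystream(self, n):
        while len(self._pending) < n:
            self._pending += self._block()
        ks, self._pending = self._pending[:n], self._pending[n:]
        return ks

    def crypt(self, data):
        """XOR with keystream; the same call encrypts and decrypts."""
        return bytes(a ^ b for a, b in zip(data, self.keystream(len(data))))


def demo():
    # Constructed sample key, IV and file content; not taken from any real sample.
    key = bytes(range(16))
    iv = b"\x11\x22\x33\x44\x55\x66\x77\x88"
    plaintext = b"constructed sample file content, encrypted per file with a stream cipher"
    ciphertext = Rabbit(key, iv).crypt(plaintext)
    recovered = Rabbit(key, iv).crypt(ciphertext)
    return ciphertext, recovered


if __name__ == "__main__":
    ct, pt = demo()
    print(ct.hex())
    print(pt)
```

Because Rabbit is a pure XOR stream cipher, reuse of the same key and IV across two files leaks the XOR of their plaintexts, and a recovered key and IV decrypt a file with the same `crypt` call used to encrypt it. The authoritative correctness check is the test vector set in RFC 4503 Appendix A.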

Hello XD is an early-stage ransomware project, but it is already in use against real victims and should be treated as a live threat.

All in all, the threat actor behind it appears knowledgeable and capable of developing Hello XD further, so analysts should monitor the project closely.


News URL

https://www.bleepingcomputer.com/news/security/hello-xd-ransomware-now-drops-a-backdoor-while-encrypting/