HelloXD ransomware bulked up with better encryption, nastier payload
2022-06-13 17:30

Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that include stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.

Unit 42 said the HelloXD ransomware family is in its initial stages, but the team is working to track down the author.

"While the ransomware functionality is nothing new, during our research, following the lines, we found out the ransomware is most likely developed by a threat actor named x4k," the researchers wrote in a blog post.

The analysts wrote that the malware author, or authors, are "now expanding into the ransomware business to capitalize on some of the gains other ransomware groups are making."

"As the threat actor would normally have a foothold into the network prior to ransomware deployment, it raises the question of why this backdoor is part of the ransomware execution," they wrote.

The bad actor also often alluded to a "Ghost" theme, similar to what the researchers saw in some earlier HelloXD ransomware samples.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/13/helloxd-ransomware-evolving/