Security News > 2022 > June > HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems
Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts.
"Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based messenger instances," Daniel Bunce and Doel Santos, security researchers from Palo Alto Networks Unit 42, said in a new write-up.
The findings come as a new study from IBM X-Force revealed that the average duration of an enterprise ransomware attack - i.e., the time between initial access and ransomware deployment - reduced 94.34% between 2019 and 2021 from over two months to a mere 3.85 days.
The increased speed and efficiency trends in the ransomware-as-a-service ecosystem has been attributed to the pivotal role played by initial access brokers in obtaining access to victim networks and then selling the access to affiliates, who, in turn, abuse the foothold to deploy ransomware payloads.
"Purchasing access may significantly reduce the amount of time it takes ransomware operators to conduct an attack by enabling reconnaissance of systems and the identification of key data earlier and with greater ease," Intel 471 said in a report highlighting the close working relationships between IABs and ransomware crews.
"Additionally, as relationships strengthen, ransomware groups may identify a victim who they wish to target and the access merchant could provide them the access once it is available."
News URL
https://thehackernews.com/2022/06/hello-xd-ransomware-installing-backdoor.html
Related news
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Researchers unearth two previously unknown Linux backdoors (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)