HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts.
"Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based messenger instances," Daniel Bunce and Doel Santos, security researchers from Palo Alto Networks Unit 42, said in a new write-up.
The findings come as a new study from IBM X-Force revealed that the average duration of an enterprise ransomware attack - i.e., the time between initial access and ransomware deployment - reduced 94.34% between 2019 and 2021 from over two months to a mere 3.85 days.
This gain in speed and efficiency across the ransomware-as-a-service ecosystem has been attributed to the pivotal role played by initial access brokers (IABs), who obtain access to victim networks and sell it to affiliates, who in turn abuse that foothold to deploy ransomware payloads.
"Purchasing access may significantly reduce the amount of time it takes ransomware operators to conduct an attack by enabling reconnaissance of systems and the identification of key data earlier and with greater ease," Intel 471 said in a report highlighting the close working relationships between IABs and ransomware crews.
"Additionally, as relationships strengthen, ransomware groups may identify a victim who they wish to target and the access merchant could provide them the access once it is available."
News URL
https://thehackernews.com/2022/06/hello-xd-ransomware-installing-backdoor.html