Security News > 2023 > July > RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors
The malware "Possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities," Zscaler researchers Shatak Jain and Gurkirat Singh said in a recent analysis.
Following a successful breach, the malicious binary is used as a conduit to set up persistence, perform the actual browser update, and also drop a stealer capable of covertly harvesting sensitive information and encrypting the stolen files, leaving the victims at risk of potential data loss, exposure, or even the sale of their valuable data.
In the final stage, RedEnergy's ransomware component proceeds to encrypt the user's data, suffixing the ".
RedEnergy's dual functions as a stealer and ransomware represent an evolution of the cybercrime landscape.
The development also follows the emergence of a new RAT-as-a-ransomware threat category in which remote access trojans such as Venom RAT and Anarchy Panel RAT have been equipped with ransomware modules to lock various file extensions behind encryption barriers.
"Vigilance in verifying the authenticity of browser updates and being wary of unexpected file downloads is paramount to protect against such malicious campaigns."
News URL
https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html
Related news
- Major shifts in identity, ransomware, and critical infrastructure threat trends (source)
- BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks (source)
- Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7 (source)
- How can the energy sector bolster its resilience to ransomware attacks? (source)