Cylance Ransomware targeting Linux and Windows Devices
On April 1st, cybersecurity researchers at Palo Alto Networks Unit 42 discovered a new strain of ransomware called Cylance Ransomware. This ransomware has already claimed several victims and is targeting both Linux and Windows devices. Although it is still in its early stages, this new ransomware is causing concern for the infosec community.
According to the report, the ransomware is distributed through phishing emails that contain a malicious attachment or link. Once the attachment or link is opened, the ransomware begins to encrypt files on the infected system, adding a “.Cylance” extension to each encrypted file.
The ransom note displayed on the victim’s screen demands payment in Bitcoin, with the amount increasing over time if the ransom is not paid. The note also warns the victim against attempting to recover the files through other means, stating that doing so will result in the permanent loss of the encrypted data.
What makes Cylance Ransomware unique is its use of a sophisticated obfuscation technique that makes it difficult for security software to detect and stop the malware. Additionally, the ransomware can spread laterally across a network, potentially infecting other connected devices.
One of the interesting things about Cylance Ransomware is that it has been named after the cybersecurity company owned by BlackBerry Ltd. This is unusual, as Cylance is known for preventing ransomware attacks on enterprise organizations, and it is unclear why threat actors would name the ransomware after this company. It could be that they are trying to negatively impact Cylance in the long run or simply looking for extra attention.
The attack methodology of Cylance Ransomware involves encrypting files and appending a “.Cylance” extension to each one. The ransom notes, which were released by Unit 42, inform victims that all of their files are temporarily inaccessible due to encryption. The attackers state that they are not interested in the victims or their business, only in getting paid. They offer to decrypt one file for free to demonstrate their ability to return files, but they warn against any attempt to restore or change the files, as it would destroy the private key and result in the data being lost forever.
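The one concrete indicator the report gives is the “.Cylance” extension appended to encrypted files. The following is an added example written for this article, not code from Unit 42 or any vendor: it walks a directory tree, lists files carrying that extension, and uses a byte-entropy heuristic to separate genuinely encrypted content from a file that merely happens to carry the name. The 7.0 bits-per-byte threshold and the sample directory are assumptions constructed for the demonstration.

```python
import math
import os
import tempfile
from pathlib import Path

# Extension the article reports Cylance Ransomware appends to encrypted files.
RANSOM_EXT = ".Cylance"
# Entropy (bits/byte) above which content looks encrypted; 7.0 is an assumed
# heuristic chosen for this example, not a value stated in the article.
ENTROPY_THRESHOLD = 7.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def scan_for_cylance_artifacts(root: str) -> dict:
    """Walk `root` and report files carrying the .Cylance extension.

    Returns every renamed file plus the subset whose content entropy is high
    enough to look encrypted; the latter is the stronger signal that the
    files were actually processed by ransomware rather than just renamed.
    """
    renamed, high_entropy = [], []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.endswith(RANSOM_EXT):
            renamed.append(str(path))
            if shannon_entropy(path.read_bytes()) >= ENTROPY_THRESHOLD:
                high_entropy.append(str(path))
    return {"renamed": renamed, "high_entropy": high_entropy,
            "likely_ransomware": len(high_entropy) > 0}

def build_sample_tree() -> str:
    """Constructed sample directory: one untouched file, one low-entropy file
    with the extension (a false positive), one random-looking encrypted one."""
    root = tempfile.mkdtemp(prefix="cylance_demo_")
    (Path(root) / "report.docx").write_bytes(b"quarterly numbers " * 40)
    (Path(root) / "notes.txt.Cylance").write_bytes(b"A" * 2048)
    (Path(root) / "ledger.xlsx.Cylance").write_bytes(os.urandom(4096))
    return root

if __name__ == "__main__":
    print(scan_for_cylance_artifacts(build_sample_tree()))
```

In a real deployment the same scan would be pointed at file shares or endpoint volumes, and a non-empty `high_entropy` list is the condition worth alerting on.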
The lack of information currently available regarding Cylance Ransomware suggests that it is a relatively new threat. However, researchers are working to gather more information about the ransomware, and samples are available on Malware Bazaar, a project that shares malware samples with the infosec community, AV vendors, and threat intelligence providers.
The emergence of Cylance Ransomware is a reminder of the importance of staying vigilant against cyber threats. Ransomware attacks are becoming more frequent and can have disastrous effects on both individuals and organizations. It is crucial to take steps to protect your systems and data, including keeping your software up to date, using strong passwords, and regularly backing up your data.
In addition, it is important to be aware of the latest threats and vulnerabilities and to stay informed about developments in the cybersecurity industry. The infosec community plays a critical role in sharing information and collaborating to identify and mitigate cyber threats. By working together, we can better protect ourselves and our organizations from ransomware and other types of cyber-attacks.
Cylance Ransomware is a new threat to Linux and Windows devices that is causing concern for the infosec community. Its emergence is a reminder of the importance of staying vigilant against cyber threats and taking steps to protect your systems and data. The infosec community plays a critical role in sharing information and collaborating to identify and mitigate cyber threats, and we must continue to work together to stay one step ahead of cybercriminals.
Author: Manjushree Gavitre