A newly discovered ransomware operation called Dark Power has appeared in the cybercriminal ecosystem and is looking to establish its brand as one of the most infectious campaigns. Based on reports, the ransomware operators have been actively targeting numerous organisations since last month.
The Dark Power actors claim they have already infiltrated about ten organisations in under a month. The ransomware operators also adopt a double extortion tactic to pressure their victims.
The Dark Power ransomware authors used a cross-platform language to build their malware.
According to investigations, the Dark Power ransomware operators used the cross-platform language Nim to code their malware. Numerous malware authors have already used this language to create their malicious tools.
Currently, two versions of the ransomware are circulating in the threat landscape. Researchers noted that the two versions use different encryption keys and formats.
The first variant utilises the SHA-256 algorithm, while the other one uses SHA-256 and includes a fixed 128-bit value for data and file encryption. The ransomware campaign operates globally, claiming victims from numerous countries, such as Egypt, the Czech Republic, Algeria, France, Peru, Turkey, Israel, and the United States.
Most of its targeted organisations came from academic institutions, healthcare providers, the manufacturing sector, and food-producing companies.
For its attack, the ransomware generates a random 64-bit character ASCII string unique for each targeted system upon execution. The actors also use the string to create a decryption tool.
Subsequently, the threat actors stop specific services and processes on a targeted device to accelerate the encryption process. The ransomware then appends the [.]dark_power extension to the encrypted files.
However, the encryption process excludes system-critical files such as LIBs, DLLs, LNKs, CDMs, INIs, MSIs, BINs, program files and web browser folders to maintain the integrity of the affected system.
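The behaviour described above gives defenders two things to check. The following is an added example, not code from the researchers or the original article: it flags hosts showing a burst of renames that append the `.dark_power` extension, and tests whether a decoy (canary) file is of a type the ransomware would skip. The event format, host names, thresholds and the dotted lower-case spelling of the skipped file types are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

RANSOM_EXT = ".dark_power"  # extension named in the article
# File types the article lists as skipped; the dotted lower-case form is an assumption.
SKIPPED_EXTS = {".lib", ".dll", ".lnk", ".cdm", ".ini", ".msi", ".bin"}

# Constructed sample events: timestamp|host|old_path|new_path
SAMPLE_EVENTS = r"""
2023-03-01T10:00:01|ws-01|C:\Users\a\q1.docx|C:\Users\a\q1.docx.dark_power
2023-03-01T10:00:02|ws-01|C:\Users\a\q2.xlsx|C:\Users\a\q2.xlsx.dark_power
2023-03-01T10:00:04|ws-01|C:\Users\a\notes.txt|C:\Users\a\notes.txt.dark_power
2023-03-01T10:05:00|ws-02|C:\Users\b\draft.txt|C:\Users\b\final.txt
2023-03-01T09:00:00|ws-03|C:\Data\a.csv|C:\Data\a.csv.dark_power
2023-03-01T11:30:00|ws-03|C:\Data\b.csv|C:\Data\b.csv.dark_power
2023-03-01T14:00:00|ws-03|C:\Data\c.csv|C:\Data\c.csv.dark_power
"""

def parse(text):
    """Turn pipe-delimited lines into (datetime, host, old, new) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, host, old, new = line.split("|")
        events.append((datetime.fromisoformat(ts), host, old, new))
    return events

def is_ransom_rename(old, new):
    """True when the new name is the old name plus the ransomware extension."""
    return new.lower() == (old + RANSOM_EXT).lower()

def detect(events, threshold=3, window=timedelta(seconds=60)):
    """Return hosts with at least `threshold` such renames inside `window`."""
    per_host = defaultdict(list)
    for ts, host, old, new in events:
        if is_ransom_rename(old, new):
            per_host[host].append(ts)
    flagged = []
    for host, stamps in per_host.items():
        stamps.sort()
        if any(stamps[i + threshold - 1] - stamps[i] <= window
               for i in range(len(stamps) - threshold + 1)):
            flagged.append(host)
    return sorted(flagged)

def canary_would_be_touched(path):
    """A decoy file is a useful tripwire only if its type is not skipped."""
    return PureWindowsPath(path).suffix.lower() not in SKIPPED_EXTS

if __name__ == "__main__":
    print(detect(parse(SAMPLE_EVENTS)))
```

In the constructed sample only `ws-01` is flagged: `ws-03` has the same number of matching renames, but spread over hours rather than inside the burst window.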
Cybersecurity experts explain that Dark Power ransomware operators aggressively target different organisations globally. Therefore, organisations should adopt a competent cybersecurity defence to prevent any infection from the group. Companies should know the countermeasures researchers provide to thwart the threats posed by Dark Power.