Cylance ransomware operation targets Windows and Linux OS

April 14, 2023

A new strain of Cylance ransomware has claimed several victims in the past few months. Researchers observed the new strain last week and are still monitoring the behaviour and capability of the malicious entity. However, early reports show that the ransomware could target Windows and Linux operating systems.

Researchers have yet to uncover concrete information about Cylance ransomware, which suggests it is an emerging threat. Victims of the recent attacks received a ransom note that contained the attackers’ email addresses. However, the ransom note did not include any ransom demand or amount.

The threat actors emphasised in the ransom note that the encrypted files would not be returned to their owners unless the owners cooperate. They also made clear that they are not entertaining negotiations since they only want a benefit.

Furthermore, the threat actors stated in the ransom note that they could decrypt one file for free to prove the legitimacy of the stolen files. This strategy would warn the owners that the actors could exploit the stolen files if the owners do not comply with their requests.

The Cylance ransomware ransom notes only appear when the victims contact the attackers.

Some researchers suspect the ransom demands will appear once the victims contact the Cylance ransomware operators. The attackers warn victims not to restore or change the files, since doing so would destroy the private key, meaning the encrypted data will be gone for good.

A researcher posted on a social media platform regarding the attack process of the ransomware campaign. The post explained that the group’s modus operandi includes file encryption that leads to appending the [.]Cylance extension.

A “Read Me” text file will also be in the encrypted files’ folders. The folder will also include the threat actors’ ransom notes.
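A sweep for the two on-disk indicators described above (the appended `.Cylance` extension and a "Read Me" text file in the same folder), as an added example that is not part of the original article. The note-name pattern, the function names and the sample tree are assumptions constructed for illustration, since the article does not give the exact note filename.

```python
import os
import re
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".cylance"  # extension named in the article; compared case-insensitively
# Assumption: the article gives no exact note filename, so accept any .txt whose
# name contains "read" then "me" ("Read Me.txt", "README.txt", ...).
NOTE_PATTERN = re.compile(r"read[\s_-]*me.*\.txt$", re.IGNORECASE)

def scan_tree(root):
    """Map each directory to the renamed files and candidate notes found in it."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
            elif NOTE_PATTERN.search(name):
                hits[dirpath]["notes"].append(name)
    return dict(hits)

def report(root):
    """Return sorted (relative_dir, severity, renamed_count) rows; a lone README is never reported."""
    rows = []
    for dirpath, found in scan_tree(root).items():
        if not found["encrypted"]:
            continue
        severity = "high" if found["notes"] else "medium"
        rows.append((os.path.relpath(dirpath, root), severity, len(found["encrypted"])))
    return sorted(rows)

def build_sample(root):
    """Create a constructed sample tree (empty files) for the demonstration."""
    layout = {
        "finance": ["q1.xlsx.Cylance", "q2.xlsx.Cylance", "Read Me.txt"],
        "scans": ["img001.png.CYLANCE"],
        "src": ["README.txt", "main.c"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in report(tmp):
            print(row)
```

Pointing `report()` at a file share or home directory root gives a per-folder list to triage; folders rated "high" contain both renamed files and a note candidate.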

Cybersecurity experts suggest that targets monitor their systems constantly and wait for more details about the newly emerging campaign. Organisations should be wary of these threats since they might not be financially motivated but instead be part of espionage campaigns.
