The newly discovered malware, RedEnergy, has recently appeared in the wild and shows that it functions as a Stealer-as-a-Ransomware. Threat actors have employed this new malware to execute cybercriminal campaigns against several sectors, such as oil and gas, energy, telecommunications, and machinery.
Researchers also revealed that RedEnergy adopts a deceptive update tactic as its primary intrusion method to infiltrate various industries.
This recent activity from the stealer-as-a-ransomware shows the sophistication of new malware strains that combine encryption techniques and stealthy data theft to cause significant damage and take over their targeted machines.
Additionally, the malware operators employ the FAKEUPDATES campaign to lure victims and prompt them to update their web browsers. This malicious variant operates discreetly, exfiltrating information after a successful infiltration. The attack process then encrypts the impacted files.
Researchers claimed that the new malware campaign targets victims through LinkedIn pages. Currently, the most notable companies affected by such attacks are an organisation from Brazil and a manufacturing company from the Philippines.
The RedEnergy malware operators start their campaigns by running several techniques.
According to an investigation, the RedEnergy operators adopt multi-stage tactics and disguise the malware as browser updates to deceive users who click LinkedIn links.
In addition, the attackers utilise obfuscation techniques and conceal their C2 communications within HTTPS traffic. The campaign operates through multiple phases and starts its execution by disguising the malicious executables.
Furthermore, the malware could establish persistence, communicate with DNS servers, and download more payloads from a remote location. An alleged malicious FTP interaction suggests the malware has already exfiltrated data and uploaded files illegally.
In the final stage of RedEnergy’s campaign, it deletes shadow copy data and Windows backup plans to solidify its ransomware characteristics. The campaign operators then drop a batch file and a ransom note containing the payment details in exchange for the decryption key.
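As an added, defender-side example that is not taken from the article or from any RedEnergy sample: a small detector, run over constructed process-creation events, that flags the shadow-copy and backup deletion the final stage relies on. The article does not name the exact commands used, so the patterns cover the Windows built-ins commonly abused for this (vssadmin, wmic, wbadmin, bcdedit); the event shape, field names and the batch-file path are constructed placeholders.

```python
import json
import re

# Constructed, Sysmon-like process-creation events (not real telemetry).
# The third line mimics the final stage described in the article: a dropped
# batch file (placeholder path) running via cmd.exe deletes shadow copies.
SAMPLE_EVENTS = r"""
{"Image": "C:\\Windows\\System32\\svchost.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "svchost.exe -k netsvcs"}
{"Image": "C:\\Windows\\System32\\vssadmin.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "vssadmin list shadows"}
{"Image": "C:\\Windows\\System32\\vssadmin.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "vssadmin delete shadows /all /quiet", "ParentCommandLine": "cmd.exe /c C:\\Users\\Public\\dropped.bat"}
{"Image": "C:\\Windows\\System32\\wbadmin.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "wbadmin delete catalog -quiet"}
{"Image": "C:\\Windows\\System32\\bcdedit.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "bcdedit /set {default} recoveryenabled no"}
"""

# Command-line patterns for inhibiting system recovery (ATT&CK T1490).
# Assumption: these are the commonly abused built-ins, not RedEnergy's
# confirmed command lines, which the article does not provide.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"wbadmin(?:\.exe)?\s+delete\s+catalog", re.I)),
    ("bcdedit_disable_recovery", re.compile(r"bcdedit(?:\.exe)?\b.*recoveryenabled\s+no", re.I)),
]

def parse_events(text):
    """Parse JSON-lines text into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_recovery_inhibit(events):
    """Return one alert dict per event whose command line matches a rule.

    Severity is raised to 'critical' when the parent process was launched
    from a batch file, matching the dropped-batch-file behaviour the
    article attributes to the final stage of the campaign.
    """
    alerts = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        for rule, pattern in RULES:
            if pattern.search(cmd):
                parent_cmd = ev.get("ParentCommandLine", "")
                severity = "critical" if ".bat" in parent_cmd.lower() else "high"
                alerts.append({"rule": rule, "severity": severity, "command": cmd,
                               "parent": ev.get("ParentImage", "")})
                break  # one alert per event is enough
    return alerts

if __name__ == "__main__":
    for alert in find_recovery_inhibit(parse_events(SAMPLE_EVENTS)):
        print(f"[{alert['severity']}] {alert['rule']}: {alert['command']}")
```

Benign listing of shadow copies produces no alert, while the three destructive commands are flagged, with the batch-file-spawned deletion raised to critical.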
The RedEnergy analysis points to an evolving threat landscape targeting various organisations and industries. Additionally, the attack highlights the importance of employing security measures to mitigate the effects of such attacks. Every business and organisation should upgrade their cybersecurity defences against these malicious campaigns and implement comprehensive security protocols.