Malware & Ransomware · HIGH

Malware - ClickFix Loader Used by LeakNet Ransomware Gang

In plain terms: a new ransomware group is tricking employees into running a command themselves, and that command installs the group's malware on the company's computers.

Quick Summary

The LeakNet ransomware gang is using a Deno-based loader to infiltrate systems via ClickFix techniques. Organizations are at risk of significant data breaches. Immediate action is essential to mitigate these threats.

What Happened

LeakNet, a recently emerged ransomware gang, is using a technique known as ClickFix to gain initial access to corporate systems. ClickFix is social engineering rather than an exploit: a counterfeit Cloudflare Turnstile verification page tells the visitor to copy a command and run it, and that command installs a Deno-based loader which executes a malicious JavaScript payload. No software vulnerability is needed, because the victim performs the execution. The campaign appears to be part of a broader push by the group to expand its operations across many organizations.

Once running, the Deno loader fingerprints the host, generates a unique victim ID, and connects to a command-and-control (C2) server to retrieve second-stage payloads. Carrying the first stage on a legitimate JavaScript runtime that blends in with developer tooling is a deliberate evasion choice, and it marks LeakNet as more capable than a run-of-the-mill ransomware group.

Who's Being Targeted

Organizations across sectors are exposed. The operators appear to favour companies with weaker security controls, and the post-compromise tradecraft reported, DLL sideloading and lateral movement across the network, shows they are working toward high-value targets that can pay large ransoms.

As the gang refines its tooling, the potential for widespread disruption grows. Controls that only look for known-bad binaries will miss this chain, since Deno is a legitimate runtime; its execution on hosts that are not developer workstations is the signal detection teams should key on.

Signs of Infection

Organizations should watch for the following signs of a LeakNet intrusion:

  • Deno executing on hosts where it is not expected, outside development environments.
  • Atypical use of PsExec, a remote-execution tool routinely abused for lateral movement.
  • A browser process loading a DLL from an unusual location (DLL sideloading).
  • Unexpected outbound traffic to Amazon S3, which may indicate stolen data being staged in cloud storage for exfiltration.

Recognizing these indicators early lets a team contain the intrusion before encryption or exfiltration. Because the chain spans user action, loader execution, lateral movement and cloud egress, each stage is a separate opportunity to detect it, and a host showing more than one stage deserves immediate attention.
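As an added illustration (example code, not from SC Media or from the researchers the article draws on), the following Python triage script runs the four indicators above over constructed Sysmon-style events and then correlates hits per host, so a workstation showing several stages of the chain is escalated rather than each alert being reviewed in isolation. The hostnames, paths, bucket names, the developer-install markers and the S3 allowlist are assumptions made for the demonstration; tune them to your estate.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample telemetry (hosts, paths and bucket names are made up,
# not real indicators) in a Sysmon-like shape:
# event_id 1 = process create, 3 = network connect, 7 = image load.
SAMPLE_EVENTS = [
    {"id": "e1", "host": "WS-DEV", "event_id": 1,
     "image": r"C:\Users\dev\.deno\bin\deno.exe",
     "parent_image": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "command_line": "deno run --allow-net server.ts"},
    {"id": "e2", "host": "WS-ALICE", "event_id": 1,
     "image": r"C:\Users\alice\AppData\Local\Temp\deno.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "deno.exe run -A loader.js"},
    {"id": "e3", "host": "JUMP01", "event_id": 1,
     "image": r"C:\Tools\PsExec64.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"PsExec64.exe \\FILESRV01 -s cmd.exe"},
    {"id": "e4", "host": "WS-ALICE", "event_id": 7,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image_loaded": r"C:\Users\alice\AppData\Local\Temp\version.dll"},
    {"id": "e5", "host": "WS-ALICE", "event_id": 7,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image_loaded": r"C:\Program Files\Google\Chrome\Application\chrome_elf.dll"},
    {"id": "e6", "host": "WS-ALICE", "event_id": 7,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image_loaded": r"C:\Windows\System32\version.dll"},
    {"id": "e7", "host": "WS-ALICE", "event_id": 3,
     "image": r"C:\Users\alice\AppData\Local\Temp\deno.exe",
     "dest_host": "staging-7f3a.s3.us-east-1.amazonaws.com", "dest_port": 443},
    {"id": "e8", "host": "FILESRV01", "event_id": 3,
     "image": r"C:\Program Files\BackupAgent\agent.exe",
     "dest_host": "nightly-backups.s3.amazonaws.com", "dest_port": 443},
]

# Tuning knobs (assumed for this example): where Deno legitimately lives, which
# process may talk to S3, and which directories a browser may load DLLs from.
DEV_DENO_MARKERS = ("\\.deno\\bin\\", "\\scoop\\apps\\deno\\", "\\program files\\deno\\")
S3_ALLOWED_PROCESSES = {"c:\\program files\\backupagent\\agent.exe"}
SYSTEM_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
PSEXEC_NAMES = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}
S3_HOST = re.compile(r"(^|\.)s3([.-][a-z0-9-]+)?\.amazonaws\.com$")


def _name(path):
    return PureWindowsPath(path).name.lower()


def deno_outside_dev(ev):
    """deno.exe launched from somewhere other than a known developer install."""
    if ev["event_id"] != 1 or _name(ev["image"]) != "deno.exe":
        return False
    return not any(m in ev["image"].lower() for m in DEV_DENO_MARKERS)


def psexec_use(ev):
    """PsExec (or its service binary) seen by image name or on the command line."""
    if ev["event_id"] != 1:
        return False
    return _name(ev["image"]) in PSEXEC_NAMES or "psexec" in ev.get("command_line", "").lower()


def browser_dll_sideload(ev):
    """A browser loading a DLL from outside its own install dir and the system dirs."""
    if ev["event_id"] != 7 or _name(ev["image"]) not in BROWSERS:
        return False
    install_dir = str(PureWindowsPath(ev["image"]).parent).lower() + "\\"
    dll = ev["image_loaded"].lower()
    return not (dll.startswith(install_dir) or dll.startswith(SYSTEM_DLL_DIRS))


def unexpected_s3_egress(ev):
    """Connection to an S3 endpoint from a process not approved to use S3."""
    if ev["event_id"] != 3 or not S3_HOST.search(ev["dest_host"].lower()):
        return False
    return ev["image"].lower() not in S3_ALLOWED_PROCESSES


RULES = (deno_outside_dev, psexec_use, browser_dll_sideload, unexpected_s3_egress)


def triage(events):
    """Run every rule over every event; one finding per (event, rule) hit."""
    return [{"id": ev["id"], "host": ev["host"], "rule": rule.__name__}
            for ev in events for rule in RULES if rule(ev)]


def escalate(findings, min_rules=2):
    """Hosts on which several distinct stages of the chain fired, sorted by name."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["rule"])
    return sorted(h for h, rules in by_host.items() if len(rules) >= min_rules)
```

On the sample, `triage` flags the Deno binary in a Temp directory, the PsExec run on the jump host, Chrome loading `version.dll` from Temp, and the S3 connection from that same Deno process, while the developer's own Deno, Chrome's bundled and System32 DLLs, and the backup agent's S3 upload pass. `escalate` then returns only WS-ALICE, the host where three different stages fired; a lone PsExec hit on an admin's jump host stays a single alert for an analyst to judge.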

How to Protect Yourself

To reduce exposure to the LeakNet campaign, organizations should act now. Because ClickFix depends on the victim pasting a command into the Windows Run dialog or a terminal, tell staff that no legitimate verification page ever asks them to do this, and consider restricting the Run dialog by policy where the business can tolerate it. Keep systems patched, and monitor endpoint and network telemetry for the anomalies listed above, in particular Deno running on non-developer hosts and unexpected uploads to cloud storage.

Multi-factor authentication on remote access and administrative accounts will not stop the initial ClickFix execution, but it limits how far an operator can move once a single workstation is compromised. Training employees to recognize phishing and suspicious prompts remains essential, and a culture of security awareness makes the fake verification page far less likely to succeed. The rise of the LeakNet ransomware gang is a reminder that continuous vigilance, not a one-off control, is what keeps these campaigns out.

🔒 Pro insight: Using Deno as a loader signals a shift toward living on legitimate runtimes, so detection has to judge a binary by context (who launched it, from where, and what it connects to) rather than by file hash alone.

Original article from SC Media

Related Pings

HIGH · Malware & Ransomware

Malware - New Android OS Attack Enables Payment App Takeovers

A new attack method threatens mobile payment apps on Android. Hackers can hijack accounts and commit fraud, raising serious security concerns. Mobile payment providers are urged to enhance their security measures.

SC Media
HIGH · Malware & Ransomware

Medusa Ransomware - Attacks University Medical Center, County

Medusa ransomware has struck the University of Mississippi Medical Center and New Jersey's Passaic County, demanding an $800,000 ransom. This attack highlights the ongoing threat of ransomware in critical sectors. Immediate protective measures are essential to mitigate risks.

SC Media
HIGH · Malware & Ransomware

Malware - New Threat Targets Linux Devices for DDoS, Mining

New malware strains are targeting Linux network devices for DDoS attacks and cryptocurrency mining. This poses serious risks to vulnerable systems. Organizations must act quickly to enhance their security measures.

SC Media
HIGH · Malware & Ransomware

Vidar 2.0 Malware - Targeting Gamers for Crypto Theft

A new malware campaign called Vidar 2.0 is targeting gamers, stealing their cryptocurrency and account details. This stealthy infostealer exploits gamers' desire for cheats, posing serious risks. Stay aware and protect your accounts from this growing threat.

SC Media
HIGH · Malware & Ransomware

Malware - SnappyClient Targets Crypto Wallets with Spying

A new malware named SnappyClient is on the rise, targeting crypto wallets. It enables remote access and data theft, posing serious risks to users. Protect your digital assets!

Dark Reading
HIGH · Malware & Ransomware

Malware - State-Sponsored Spyware Targeting iPhones Exposed

A new exploit kit named DarkSword is targeting iPhones, stealing sensitive data from users. Multiple spyware vendors, including state actors, are involved. This raises significant privacy concerns for millions of iPhone owners.

The Register Security