
Ymir, the dangerous ransomware discovered by Kaspersky: it operates in memory and leaves no trace


Threats on the Internet do not let up, and attackers keep refining their tools and methods to steal personal and financial data from both home users and large companies.

In this context, malware remains one of the most dangerous threats, and names like ToxicPanda or Winos4.0 have already put systems around the world in check. Now a new danger has appeared, described as particularly dangerous: the Ymir ransomware.

A group of cybersecurity experts from Kaspersky's GERT team has detected this never-before-seen threat, which stands out for the advanced techniques it uses to avoid detection.

It should be noted that it does not behave like conventional ransomware: instead of leaving traces on the hard drive, it operates directly in system memory, making it extremely difficult for security products to detect.

The new computer virus that is distinguished by its advanced encryption techniques

Ymir is a type of ransomware designed to infiltrate computers and encrypt critical files, blocking access to the information until the victim pays a ransom. It uses functions such as malloc, memmove and memcmp to load its code directly into RAM.

This means it leaves no obvious traces on the hard drive, which makes it hard for antivirus software to detect. How does it get onto a computer? The attackers often rely on credential-stealing malware, such as RustyStealer, to gain access to the PC first.

Once inside, they use remote administration tools such as Process Hacker and Advanced IP Scanner to take control of the system and run Ymir. They also access the system through WinRM and PowerShell commands, ensuring that the threat is deployed easily.

Once the ransomware has infected the computer, it uses the ChaCha20 algorithm to encrypt files. It appends the extension “.6C5oy2dVr6” to the encrypted data and generates a ransom note in PDF format with instructions for paying the ransom.
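The file extension described above is the most concrete host-level artifact the article gives, so the following added example (not code from the article or from Kaspersky) flags a host on which many files are renamed to ".6C5oy2dVr6" within a short window. The audit-log line format, the sample lines, the threshold and the window are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

YMIR_EXT = ".6C5oy2dVr6"         # extension the article attributes to Ymir
RENAME_THRESHOLD = 5             # assumption: renames per host and window that trigger an alert
WINDOW = timedelta(seconds=60)   # assumption: sliding detection window

# Constructed sample audit lines: "<ISO timestamp> <host> <event> <path>".
# ws01 shows a burst of renames to the Ymir extension; ws02 shows a lone rename.
SAMPLE_LOG = """\
2024-11-12T10:00:01 ws01 RENAME C:\\Users\\ana\\Documents\\q1.xlsx.6C5oy2dVr6
2024-11-12T10:00:02 ws01 RENAME C:\\Users\\ana\\Documents\\q2.xlsx.6C5oy2dVr6
2024-11-12T10:00:02 ws02 RENAME C:\\Users\\bob\\notes.txt.bak
2024-11-12T10:00:04 ws01 RENAME C:\\Users\\ana\\Pictures\\img1.jpg.6C5oy2dVr6
2024-11-12T10:00:05 ws01 RENAME C:\\Users\\ana\\Pictures\\img2.jpg.6C5oy2dVr6
2024-11-12T10:00:07 ws01 RENAME C:\\Users\\ana\\Desktop\\plan.docx.6C5oy2dVr6
2024-11-12T10:30:00 ws02 RENAME C:\\Users\\bob\\old.pdf.6C5oy2dVr6
"""


def parse_line(line):
    """Split one audit line into (timestamp, host, event, path)."""
    ts, host, event, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, event, path


def detect(log_text, threshold=RENAME_THRESHOLD, window=WINDOW):
    """Return {host: peak_renames} for hosts whose rename burst reaches the threshold."""
    renames = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, path = parse_line(line)
        if event == "RENAME" and path.endswith(YMIR_EXT):
            renames[host].append(ts)
    alerts = {}
    for host, stamps in renames.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):      # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[host] = peak
    return alerts


if __name__ == "__main__":
    for host, count in detect(SAMPLE_LOG).items():
        print(f"ALERT {host}: {count} files renamed to {YMIR_EXT} within {WINDOW}")
```

In practice the burst count should be combined with the other behaviours the article lists (WinRM or PowerShell access, the remote administration tools), since a single extension match is easy to miss once a variant changes it.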

To protect yourself from Ymir, it is crucial to run advanced, up-to-date security software, to be cautious when opening files or links from unknown sources, and to enable two-step authentication. It is important that you take measures to protect your computer and your data.
