Reports have been coming up related to the activity of the Hello XD ransomware, where an updated sample with more robust encryption has been deployed.  From the first appearance of Hello XD in November 2021, it was based on the leaked source code of Babuk and used for double-extortion attacks where the corporate data was compromised and stolen before encrypting devices. As reported by Unit 42, the new update features a custom packing for detection avoidance and encryption algorithm changes. The ransomware operation currently isn't using a Tor payment site to collect ransom but instructs victims through a TOX chat service. Recently, a link to an onion site was added to the ransom note, but the site is offline, probably under construction.

CyberManipal.

XD - not so funny

June 14, 2022

More of MIST

About MIST