Heimdal

Cybersecurity researchers have discovered a new version of the Qilin ransomware that brings stronger encryption and additional tactics for evading detection.

The new variant, tracked as Qilin.B by researchers at Halcyon, notably supports AES-256-CTR encryption and uses the AES-NI instruction set on CPUs that provide it. Each encryption key is in turn protected with RSA-4096 and OAEP padding, so files cannot be decrypted without the attacker’s private key or the stolen seed values.
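The key-handling scheme described above, shown as an added example written for this article rather than code from Halcyon or from the Qilin.B sample: a fresh AES-256 key per file, CTR mode for the file body, and the key wrapped with RSA-OAEP so that only the holder of the matching RSA private key can unwrap it. The file layout, the field names and the function names are this example's own assumptions; Demo takes the RSA size as a parameter so it can run quickly, while main uses the 4096 bits the article reports.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedFile is the constructed layout this example assumes: the per-file AES key
// wrapped with RSA-OAEP, the CTR nonce, and the ciphertext. It mirrors the scheme the
// article describes, not Qilin.B's real file format.
type EncryptedFile struct {
	WrappedKey []byte // RSA-OAEP(SHA-256) of the 32-byte AES key
	Nonce      []byte // 16-byte initial counter block for CTR mode
	Ciphertext []byte // AES-256-CTR output, same length as the plaintext
}

// EncryptFile draws a fresh random 32-byte key for this file, encrypts with AES-256-CTR,
// then wraps the key to the operator's RSA public key. Only the wrapped form is kept.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	key := make([]byte, 32)
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, plaintext)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptFile is the step only the RSA private key holder can perform: unwrap the file
// key, then run CTR again (the keystream XOR is its own inverse).
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ef.Ciphertext))
	cipher.NewCTR(block, ef.Nonce).XORKeyStream(pt, ef.Ciphertext)
	return pt, nil
}

// Demo runs the flow end to end with an RSA key of the given size (the article reports
// 4096 bits; smaller sizes only make the demo faster). It returns the round-tripped
// plaintext and the error a different private key produces when it tries the unwrap.
func Demo(bits int, plaintext []byte) (recovered []byte, wrongKeyErr error, err error) {
	operator, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	ef, err := EncryptFile(&operator.PublicKey, plaintext)
	if err != nil {
		return nil, nil, err
	}
	recovered, err = DecryptFile(operator, ef)
	if err != nil {
		return nil, nil, err
	}
	// A defender holding only the public key has no route to the file key, and even a
	// same-size private key fails the OAEP integrity check instead of yielding a near miss.
	stranger, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	_, wrongKeyErr = DecryptFile(stranger, ef)
	return recovered, wrongKeyErr, nil
}

func main() {
	doc := []byte("Q3 payroll export (constructed sample)")
	recovered, wrongKeyErr, err := Demo(4096, doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("operator key recovers file: %v\n", bytes.Equal(recovered, doc))
	fmt.Printf("any other key: %v\n", wrongKeyErr)
}
```

The point for responders is in the last two lines of Demo: because every file key is fresh random output and survives only in RSA-wrapped form, neither the ciphertext, the public key nor a guessed seed gives a path back to the plaintext, which is why recovery planning has to rest on offline backups rather than on hoping the scheme was implemented badly.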

Details About the New Qilin

Also known as Agenda, Qilin came to the attention of the cybersecurity community around July/August 2022; its initial versions were written in Golang before the operators switched to Rust.

The RaaS operation lets its affiliates keep between 80% and 85% of each ransom payment once they have been admitted to the group after striking up a conversation with a Qilin recruiter.

In something of a departure from conventional double extortion attacks, recent intrusions tied to the operation have also stolen credentials saved in Google Chrome on a small number of affected endpoints.

Halcyon’s analysis of Qilin.B samples shows that it builds on previous versions with additional encryption options and better operational tradecraft.

Files are encrypted with AES-256-CTR or ChaCha20, and the malware takes steps to hinder analysis and detection: it stops security tool services, repeatedly clears the Windows Event Logs, and deletes its own binary after running.

It also deletes Volume Shadow Copies and terminates processes tied to backup and virtualization services such as Veeam, SQL, and SAP, which makes recovery harder.
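The evasion and recovery-impairment behaviours listed in the two paragraphs above are exactly the telemetry a detection engineer would correlate. What follows is an added example, not code from the article, from Halcyon or from Heimdal: it classifies constructed Windows Security events (4688 process creation with command-line auditing, and 1102 audit-log clearing) into those behaviours and alerts when several of them cluster on one host inside a short window. The JSON field names, the regular expressions and the service-name fragments are this example's assumptions, and the sample log is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

// Event is the shape this example assumes for forwarded Windows Security events; the JSON field names are its own, not a vendor schema.
type Event struct {
	Time time.Time `json:"time"`
	Host string    `json:"host"`
	ID   int       `json:"event_id"`
	Cmd  string    `json:"command_line"`
}

// One rule per behaviour the article attributes to Qilin.B, matched on the 4688 command line; product and service names are assumed examples, not a complete list.
var cmdRules = []struct{ tactic string; re *regexp.Regexp }{
	{"shadow-copies-deleted", regexp.MustCompile(`(?i)vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete`)},
	{"backup-or-db-service-terminated", regexp.MustCompile(`(?i)(?:net|sc|taskkill)(?:\.exe)?\s+(?:stop|/f\s+/im|/im)\s+\S*(?:veeam|sql|sap)`)},
	{"security-service-stopped", regexp.MustCompile(`(?i)(?:net|sc)(?:\.exe)?\s+stop\s+\S*(?:windefend|sense|csfalcon|sentinel)`)},
	{"self-deletion", regexp.MustCompile(`(?i)(?:ping|timeout)[^&]*&\s*del\s+.*\.exe`)},
}

// Classify maps one event to a tactic label, or "" for noise.
func Classify(e Event) string {
	if e.ID == 1102 { // Security 1102: "The audit log was cleared"
		return "event-log-cleared"
	}
	if e.ID == 4688 { // Security 4688: process creation, with command-line auditing enabled
		for _, r := range cmdRules {
			if r.re.MatchString(e.Cmd) {
				return r.tactic
			}
		}
	}
	return ""
}

// Correlate returns, per host, the sorted distinct tactics found inside one sliding window, but only when at least minTactics co-occur; a lone 1102 from an admin stays quiet.
func Correlate(events []Event, window time.Duration, minTactics int) map[string][]string {
	byHost := map[string][]Event{}
	for _, e := range events {
		byHost[e.Host] = append(byHost[e.Host], e)
	}
	out := map[string][]string{}
	for host, evs := range byHost {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Time.Before(evs[j].Time) })
		for i := range evs {
			seen := map[string]bool{}
			for j := i; j < len(evs) && evs[j].Time.Sub(evs[i].Time) <= window; j++ {
				if t := Classify(evs[j]); t != "" {
					seen[t] = true
				}
			}
			if len(seen) >= minTactics {
				for t := range seen {
					out[host] = append(out[host], t)
				}
				sort.Strings(out[host])
				break // one alert per host is enough
			}
		}
	}
	return out
}

// ParseEvents reads newline-delimited JSON such as SampleLog.
func ParseEvents(ndjson string) ([]Event, error) {
	var evs []Event
	for n, line := range strings.Split(strings.TrimSpace(ndjson), "\n") {
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		evs = append(evs, e)
	}
	return evs, nil
}

// SampleLog is constructed: FS01 runs the whole chain in nine minutes; WS07 is an admin clearing a log and stopping the print spooler, which must not alert.
const SampleLog = `
{"time":"2024-10-22T02:14:05Z","host":"FS01","event_id":4688,"command_line":"sc stop WinDefend"}
{"time":"2024-10-22T02:14:31Z","host":"FS01","event_id":4688,"command_line":"net stop VeeamBackupSvc /y"}
{"time":"2024-10-22T02:15:02Z","host":"FS01","event_id":4688,"command_line":"vssadmin.exe delete shadows /all /quiet"}
{"time":"2024-10-22T02:21:17Z","host":"FS01","event_id":1102}
{"time":"2024-10-22T02:22:50Z","host":"FS01","event_id":4688,"command_line":"cmd.exe /c ping 127.0.0.1 -n 3 > nul & del /f /q \"C:\\Users\\Public\\agent.exe\""}
{"time":"2024-10-22T02:30:00Z","host":"WS07","event_id":1102}
{"time":"2024-10-22T02:31:00Z","host":"WS07","event_id":4688,"command_line":"net stop Spooler"}`

func main() {
	evs, _ := ParseEvents(SampleLog) // constructed input, cannot fail
	for host, tactics := range Correlate(evs, 15*time.Minute, 3) {
		fmt.Printf("ALERT %s: %s\n", host, strings.Join(tactics, ", "))
	}
}
```

With the 15-minute window FS01 alerts with all five tactics while WS07 stays quiet. In production, feed the same fields from Sysmon event 1 or an EDR's process telemetry, and tune the window to the gap you actually observe between the first service stop and the log clearing; the 1102 event is also worth forwarding on its own, since clearing the log is the attacker's attempt to remove the earlier evidence this logic depends on.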

The continued evolution of ransomware groups’ tooling shows how persistent and damaging the threat remains.

If you liked this piece, you can find more on the blog. Follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR


Cristian is a Content Editor & Creator at Heimdal®, where he has developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, as shown by his ability to communicate cybersecurity norms effectively and in an easy-to-understand manner.
