Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.
A newly discovered ransomware, ‘Hakuna Matata’, is being distributed against Korean companies. It uses exposed Remote Desktop Protocol (RDP) services as its initial attack vector and persists on compromised systems, where it functions similarly to ClipBanker.
Recently, AhnLab Security Emergency response Center (ASEC) identified that the Hakuna Matata ransomware is being used to attack Korean companies. Hakuna Matata is a ransomware that was developed relatively recently. The first report related to Hakuna Matata was identified on Twitter on July 6th, 2023. [1] On July 14th, 2023, a post by a threat actor promoting Hakuna Matata on the dark web was shared on Twitter as well. [2] Of the ransomware samples uploaded to VirusTotal, the file uploaded on July 2nd, 2023 is confirmed to be the first case.
Hakuna Matata differs from typical ransomware in that it includes a ClipBanker feature. Even after encryption, it remains on the system and changes Bitcoin wallet addresses to that of the threat actor. If the user then sends Bitcoin from the same system after it has been encrypted, the funds may go to the threat actor’s wallet address instead of the one the user intended.
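ClipBanker-type malware works by replacing a wallet address held in the clipboard, so one way to spot it is to look for an address that is overwritten by a different address almost immediately. The following is an added example, not code from ASEC or from the malware: it scans a recorded timeline of clipboard values for such swaps. The snapshot format, the one-second threshold, the function names and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = re.compile(r"bc1[02-9ac-hj-np-z]{11,71}")  # shape only, checksum not verified

def b58check_encode(version: int, payload: bytes) -> str:
    """Build a Base58Check string; used here only to construct sample addresses."""
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(text: str) -> bool:
    """True for a bech32-shaped string or a Base58Check address whose checksum verifies."""
    text = text.strip()
    if BECH32.fullmatch(text):
        return True
    if not 26 <= len(text) <= 35 or any(c not in B58 for c in text):
        return False
    n = 0
    for c in text:
        n = n * 58 + B58.index(c)
    if n >= 1 << 200:          # does not fit the 25-byte address layout
        return False
    raw = n.to_bytes(25, "big")
    check = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return raw[0] in (0x00, 0x05) and raw[21:] == check

def find_swaps(snapshots, max_gap=1.0):
    """Return (time, old, new) where one address replaced another within max_gap seconds."""
    hits = []
    for (t0, old), (t1, new) in zip(snapshots, snapshots[1:]):
        if old != new and t1 - t0 <= max_gap and is_btc_address(old) and is_btc_address(new):
            hits.append((t1, old.strip(), new.strip()))
    return hits

# Constructed sample data: addresses derived from made-up 20-byte hashes.
USER_ADDR = b58check_encode(0x00, bytes(range(20)))
OTHER_ADDR = b58check_encode(0x05, bytes(range(20, 40)))
SNAPSHOTS = [
    (0.0, "meeting notes"),
    (5.0, USER_ADDR),    # user copies the intended address
    (5.2, OTHER_ADDR),   # overwritten 0.2 s later with a different address
    (60.0, "unrelated text"),
]
```

Verifying the Base58Check checksum keeps arbitrary 26 to 35 character strings from being treated as addresses, which cuts false positives when the timeline contains ordinary copied text.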