Ransomware group targets SharePoint zero-day
Briefly

The 4L4MD4R ransomware exploits known SharePoint vulnerabilities and was discovered following a failed PowerShell-based exploitation attempt. It demands a ransom of 0.005 BTC. The ransomware is based on open-source code. The attackers use an encrypted PowerShell command that disables security features in order to bypass safeguards. Technical analysis shows the ransomware is written in Go and packed with UPX. Victims receive ransom instructions and an overview of the affected files, indicating a strategy focused on infection volume rather than high individual payments. The ransomware communicates with its command-and-control (C2) server through POST requests, a tactic common in such attacks.
The 4L4MD4R ransomware, based on open-source code, was found after a failed PowerShell attack and demands a ransom of 0.005 BTC.
Further investigation reveals that the 4L4MD4R ransomware is written in Go and compressed with UPX.
Victims are asked to pay 0.005 BTC, which indicates the attackers aim for a high volume of infections rather than large payments.
The ransomware is configured to communicate with a C2 server via POST requests, showing similarities to previous attacks.
Read at Techzine Global