Almost three quarters of ransomware attacks result in the data being encrypted. 51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks. There was a small difference in ransomware attack rates based on organization size. While just under half of the smaller organizations (100-1000 employees) were hit (47%), just over half (54%) of larger organizations (1001-5000 employees) were hit.
According to different sources, ransomware attacks have become more sophisticated as threat actors seize sensitive corporate data and hold it hostage for payment. Attackers carry out many kinds of attack; one is to infiltrate companies and steal their data. Ransom demands have increased over the years, with some running into the tens of millions.
Across the world, hackers are exploiting security loopholes to take corporate, government, and health-care data hostage, demanding tens of millions of dollars in payments. Ransomware, the program by which hackers take digital information hostage, has become the first choice for malware criminals in recent years. Recent cyber attacks using ransomware as a vector of attack include attacks on Massachusetts’ Colonial Pipeline, JBS, the world’s largest meat packer, and the Washington, D.C. Metropolitan Police Department.
New Ransomwares Rising by RaaS Operators
The first samples of the Haron ransomware were found in early July. Like the vast majority of modern ransomware, Haron mainly attacks companies and enterprises in order to maximize its profits. It also has its own data leak site, which publishes information stolen from victims if they refuse to pay to decrypt their files.
Haron is a targeted ransomware, so the extension it adds to files is based on the victim company's name. The first victim was the CHADDAD Group, and the first strain of the ransomware appended the extension “.chaddad” to the files.
CGP ransomware was seen in July 2021. Most of the analysed samples have creation times from 1 July until 18 July.
Haron Vs CGP Samples
|Creation Time||2021-07-13 01:21:13||2021-07-16 07:35:00|
|PEiD packer||.NET executable||.NET executable|
Haron and CGP Negotiation Website:
Haron vs CGP:
Research and Analysis by: Jim Koohyar Biniyaz