Summary: The HexaLocker ransomware group has released a new variant, HexaLocker V2, which incorporates advanced encryption and data theft capabilities. This resurgence marks a significant evolution in their attack strategy, combining ransomware with a data-stealing component known as Skuld.
Threat Actor: HexaLocker | HexaLocker
Victim: Various targets | various targets
Key Point :
- HexaLocker V2 utilizes a self-copy mechanism and establishes persistence through the Windows registry.
- The ransomware employs AES-GCM for dynamic string generation, complicating detection efforts.
- Skuld, the data-stealing component, targets sensitive information from popular browsers before file encryption occurs.
- Files are encrypted using the ChaCha20 algorithm, with the original files deleted to hinder recovery.
- Victims receive ransom notes with instructions for contacting the threat actors through various channels.
Source: https://securityonline.info/hexalocker-v2-ransomware-reborn-with-advanced-tactics/