EByte Ransomware: A New Go-Based Threat with Advanced Encryption Techniques

Summary: EByte Ransomware, created by the group EvilByteCode, is a new variant that targets Windows systems and uses sophisticated cryptographic techniques to encrypt data. It poses significant risks to organizations because it can both lock user files and evade detection. Although it is marketed for educational purposes, its public availability on GitHub raises concerns about potential misuse.

Affected: Organizations utilizing Windows systems

Key points:

  • The ransomware encrypts user data with the extension .EByteLocker while avoiding critical system files.
  • It establishes persistence through a Go-based web server and utilizes command and control (C2) infrastructure.
  • Victims receive a ransom note with instructions to communicate via email for decryption.
  • EByte Ransomware is designed to evade detection by manipulating log files and mimicking legitimate HTTP traffic.
  • A decryption tool exists but requires a private key controlled by the attacker for file restoration.

Source: https://securityonline.info/ebyte-ransomware-a-new-go-based-threat-with-advanced-encryption-techniques/
