Summary: A new custom backdoor malware named Betruger has been identified in recent ransomware attacks, particularly linked to the RansomHub RaaS operation. This multifunctional backdoor is designed to perform various malicious activities to facilitate ransomware deployment while minimizing the number of tools used in an attack. The RansomHub gang has been associated with numerous high-profile breaches across critical sectors, including healthcare and government.
Affected: RansomHub ransomware operation and its victims
Key points:
- Betruger malware functions as a multifunctional backdoor, enabling keylogging, privilege escalation, and more.
- RansomHub employs this backdoor to streamline ransomware attack preparations by reducing the number of tools deployed on targeted networks.
- The gang has been linked to significant breaches in various sectors, including healthcare, with over 200 victims reported by the FBI.