Hermes


Yet another strain of the Hermes ransomware has emerged. According to reports by researchers at top anti-virus firms McAfee and BAE Systems, a ransomware named Hermes was used as a diversion in an attack involving a bank heist in Taiwan. The ransomware is believed to have come from Lazarus, a threat actor associated with North Korea, a nation-state known to have supported ransomware attacks in the past.

Whether they are the work of a nation-state or an independent group of cyber-criminals, ransomware attacks have increased dramatically in recent years, and this newest strain shows that the reuse of code to generate attacks is also on the rise.

The latest strain of the Hermes ransomware was analyzed with the Intezer Analyze system to identify code reuse. The researchers found that unique code was used in this latest variation with little reuse of functions, indicating that much of the binary has changed.

IOCs

New Sample – bcb96251c3e747c0deabadfecc4e0ca4f56ca30f8985cae807ca2ff29099d818
Related Sample – 851032eb03bc8ee05c381f7614a0cbf13b9a13293dfe5e4d4b7cd230970105e3

Credit to Jay Rosenberg | Intezer as the source.


Date Published: February 10, 2018