Attackers Still Using SunCrypt Ransomware To Compromise Organizations

SunCrypt ransomware operators are still using the ransomware to compromise organizations. According to Minerva Labs, the gang recently compromised Migros, Switzerland’s largest supermarket.

The malware operators have developed a better version of their strain which offers new capabilities. The capabilities include process termination, stopping services, and wiping the machine clean for ransomware execution.

The process termination feature includes resource-heavy processes that can block the encryption of open data files such as WordPad (documents), SQLWriter (databases), and Outlook (emails).

SunCrypt operators however retained the use of I/O completion ports for faster encryption through process threading.

They also continue to encrypt both local volumes and network shares while maintaining an allowlist for the Windows directory and other items that render a computer inoperable when compromised.

SunCrypt was notoriously known in mid-2020 as one of the pioneers of triple extortion on non-paying victims.

For more information, read the original story in BleepingComputer.

Attackers Still Using SunCrypt Ransomware To Compromise Organizations

Top Stories

U.S. Pentagon presses Anthropic to lift AI use restrictions

Canada ‘disappointed’ as OpenAI fails to offer new safety protocols after B.C. school shooting

Meta facial recognition glasses spark backlash as detection app launches

A quick primer on graph databases

Android malware taps Google’s Gemini AI, but Google says users are safe

Loblaw partners with Google to enable AI-powered shopping across Search and Gemini

Related Articles

A quick primer on graph databases

Android malware taps Google’s Gemini AI, but Google says users are safe

Over 10 million U.S. users affected in Conduent data breach

FBI flags surge in ATM jackpotting

TND Newsdesk

TND Newsdesk

Jim Love

Follow Us

Popular categories

Tech News Delivered