Attackers Still Using SunCrypt Ransomware To Compromise Organizations

SunCrypt ransomware operators are still using the ransomware to compromise organizations. According to Minerva Labs, the gang recently compromised Migros, Switzerland’s largest supermarket.

The malware operators have developed a better version of their strain which offers new capabilities. The capabilities include process termination, stopping services, and wiping the machine clean for ransomware execution.

The process termination feature includes resource-heavy processes that can block the encryption of open data files such as WordPad (documents), SQLWriter (databases), and Outlook (emails).

SunCrypt operators however retained the use of I/O completion ports for faster encryption through process threading.

They also continue to encrypt both local volumes and network shares while maintaining an allowlist for the Windows directory and other items that render a computer inoperable when compromised.

SunCrypt was notoriously known in mid-2020 as one of the pioneers of triple extortion on non-paying victims.

For more information, read the original story in BleepingComputer.

Attackers Still Using SunCrypt Ransomware To Compromise Organizations

Top Stories

Windows 11 update triggers Outlook crashes for some users

OpenAI could run out of money in months, financial expert warns

Microsoft promises to shield communities from rising power bills, other burdens

Anthropic says AI now writes over 90% of the code behind Claude

Lenovo bets on a post-VMware world with new multi-hypervisor FX systems

Anthropic launches AI healthcare tools amid OpenAI competition

Related Articles

Windows 11 update triggers Outlook crashes for some users

Researchers uncover advanced Linux malware framework built for cloud environments

Details of 4,500 ICE and Border Patrol agents leaked online

Chinese customs blocks Nvidia’s H200 imports, sources say

TND Newsdesk

TND Newsdesk

Jim Love

Follow Us

Popular categories

Tech News Delivered