A recently uncovered operation has been mutating versions of ransomware to better avoid getting detected. As part of the campaign, which researchers from Cambridge-based Cybereason have dubbed Kofer, attackers are tweaking certain variables of ransomware like CryptoWall 3.0 and Crypt0L0cker to evade static signature or hash-based detection.
While the malware variants are different, researchers have deduced that they’re being altered by one, singular group. As a whole the variables look similar. Researchers with the firm insist that in addition to having the same appearance, the malware is being delivered the same way as well. Each one masquerades as a PDF document and comes complete with fake icons and file names in hopes that an unsuspecting user will open the file.
View full story