all InfoSec news
BlackBit Ransomware Being Distributed in Korea
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of the BlackBit ransomware disguised as svchost.exe during the team’s monitoring. According to the ASEC’s internal infrastructure, the BlackBit ransomware has been continuously distributed since September last year.
The ransomware uses .NET Reactor to obfuscate its code, likely to deter analysis. It is possible to observe similar characteristics between the functioning ransomware and the LokiLocker ransomware.
The BlackBit ransomware goes through the following preparations before performing its encryption process. …
ahnlab analysis asec blackbit ransomware center code distributed distribution emergency encryption infrastructure internal korea lokilocker malware analysis monitoring order path performing persistence process ransomware response security september startup team