According to a new report published by US security companies Cyderes and Stairwell, ransomware affiliates are experimenting with new data destruction capabilities intended to evade detection and increase the chances of a payout. In addition, these techniques and tactics could reduce the opportunities for developing a decrypter. The attackers are using a tool that attempts to corrupt files on the victim’s system after exfiltration rather than encrypting them. The security companies explained that the malware iterates over the drives of the victim machine, queuing up files that match a list of designated extensions, which are later corrupted.
As the files are uploaded to the server controlled by the attackers, those that have already been copied are added to a list to be processed by an eraser tool. The new tactic offers the attackers several advantages, one of which is that using legitimate file data to corrupt other files may appear safe to security tools and therefore bypass security measures and ransomware detection.
Read More: Ransomware Affiliates Adopt Data Destruction