Analysis of Qilin Ransomware Using Selective Encryption Algorithm (Distributed Targeting Linux, ELF Type)

There has recently been a surge in attacks targeting Korean asset and investment management companies. As described in this report, the ransomware encrypts files with an AES symmetric key and then encrypts that AES symmetric key with an RSA public key. This means that the possibility of

Analysis on the Qilin Ransomware Using Selective Encryption Algorithm

Recently, Qilin ransomware has been launching continuous attacks on companies in various countries and industries around the world, and cases of damage have also been identified in South Korea. This post analyzes the key features and encryption methods of Qilin ransomware, as well as the technical reasons why decryption is

Trigona Rebranding Suspicions and Global Threats, and BlackNevas Ransomware Analysis

BlackNevas has been continuously launching ransomware attacks against companies in various industries and countries, including South Korea. This post provides a technical analysis of the characteristics and encryption methods of BlackNevas, and of the reasons why it encrypts files in a way that makes them impossible to decrypt. It is hoped that this post will

CyberVolk Ransomware: Analysis of Double Encryption Structure and Disguised Decryption Logic

The CyberVolk ransomware, which first emerged in May 2024, has been launching attacks on public institutions and key infrastructure in various countries, posing a continuous threat. The ransomware is particularly notable for its pro-Russia nature, as it primarily targets anti-Russian countries, making it a geopolitically significant cyber threat. This post

Interlock Ransomware’s Targeted Attacks on Companies

Summary About Interlock
– Appeared at the end of September 2024
– Ransomware attacks targeting companies in various countries and industries worldwide
– Recently, there have also been ransomware attacks in various industries such as healthcare, education, and public institutions (e.g., DaVita, Andretti Indoor Karting & Games)
– Uses unclear

Underground Ransomware Targeting Korean Companies

The Underground ransomware gang is launching continuous ransomware attacks against companies in various countries and industries, including South Korea. This post describes the analysis and characteristics of the Underground ransomware.

1. Overview

1.1 Team Underground

The ransomware strain operated by the group known as Underground was first identified in