JupyterLab’s Web Notebooks Hit Clipped Emergent Python-based Ransomware Strain

Aqua’s security assessment team has recently announced the discovery of a new type of ransomware. The yet-to-be-named malware uses Python-based scripting for malicious file encryption and subsequent obfuscation. Telemetry indicates that the emergent Python-based ransomware strain may have originated in Russia and that it was specifically engineered to target and ransom out JupyterLab Web notebooks.

Nameless Malware ‘Honeypotted’ After the Attack

Following the incident, security analysts from Aqua Security have successfully sequenced the ransomware. Very few facts are known regarding the malware’s origin or its purpose; the initial assessment indicated that the ransomware might have Russian roots and that it might have been used to study the potential (and inherent limitations) of Python-powered malware.

Python is not exactly the go-to choice for malware development; most authors opt for C++, Go, Objective-C, Swift, or Delphi 2. That does not make Python an ineffective language for writing malware; far from it.

Python has been successfully employed for some time now to create backdoors and viruses, a fact corroborated by Valery Linkov, who deployed customized “Poisonous Python” libraries to build a virus, a locker, and an encryptor. So, it’s not that uncommon for threat actors to

Read More: https://heimdalsecurity.com/blog/jupyterlabs-python-based-ransomware/