This new ransomware comes with a small but dangerous payload

A new form of ransomware that uses discreet techniques to avoid detection before encrypting files and demanding payment in exchange for the decryption key could be linked to a notorious financial crime group. 

White Rabbit ransomware emerged in December 2021 with an attack against a US bank and has since been examined by cybersecurity researchers, who say that the ransomware appears to be connected to FIN8, a financially motivated cyber-criminal gang. 

FIN8 was first identified in 2016 and typically targets point-of-sale (POS) systems with malware attacks designed to steal credit card information. Now it appears that FIN8 could be following the money and shifting towards ransomware campaigns. 

According to cybersecurity researchers at Trend Micro, White Rabbit uses tactics that have been seen before, most notably by Egregor, in that its payload binary requires a specific command-line password before it goes ahead with the ransomware and encryption routine – a technique that allows the payload to remain undetected until it’s executed.

The payload is also hard to detect because the file is small, only 100KB, and appears to show no signs of activity. It contains strings for logging – something
