Sugar Ransomware Is A New RaaS Threat To The Threat Landscape.

The researchers reported that “Sugar ransomware appears to target individual computers rather than entire enterprises, in contrast to other ransomware operations. Sugar malware was discovered for the first time in November 2021; it is a Delphi malware that steals code from other ransomware families.”

This suggests that the Sugar ransomware and its crypter were created by the same team; another scenario involves a threat actor offering a crypter to a network of affiliates. The experts also noticed some similarities between the Sugar ransomware and REvil ransomware, as well as between its decryptor page and the one used by Clop operators.

One of the most intriguing components of the new malware family is the crypter, which uses a modified version of the RC4 algorithm. The malware reuses the same routine from the crypter as part of its string decoding.

Experts discovered additional similarities in the GPLib library, which is used for encryption/decryption operations.

Finally, the researchers concluded that “The malware is written in Delphi, but the interesting part from a RE standpoint was the reuse of the same routine from the crypter as part of the string decoding in the malware, leading us to believe that they have the same dev and the crypter is probably part of the build process or some service the main actor offers to their affiliates.”

Indicator Of Compromise
