
New Malware Alert: SharpRhino and Emerging Ransomware Threats in 2024


Quorum Cyber Uncovers SharpRhino Malware Linked to Hunters International

Quorum Cyber Incident Response recently identified a new malware strain named SharpRhino, linked to the Hunters International threat group, during a ransomware incident. This malware, written in C#, spreads through a typosquatting domain disguised as Angry IP Scanner, posing a serious security risk.
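Because the delivery vector described above is a lookalike download domain, one defensive check is to compare hostnames in proxy or DNS logs against the download domains an organization approves. The following is an added example, not code from Quorum Cyber or the original article; the `.example` domains are placeholders and the log lines are constructed.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the download domains your organization approves.
APPROVED = {"angryip.example"}
# Fold visually confusable characters and drop hyphens before comparing.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "-": None})
# Constructed proxy log lines: timestamp, client IP, requested URL.
SAMPLE_LOG = """\
2024-08-05T09:14:02Z 10.0.4.21 https://angryip.example/download/
2024-08-05T09:15:40Z 10.0.4.37 https://angryipp.example/setup.exe
2024-08-05T09:17:12Z 10.0.4.37 https://angry-1p.example/setup.exe
2024-08-05T09:20:55Z 10.0.4.52 https://intranet.example/wiki
2024-08-05T09:21:03Z 10.0.4.52 https://angryip.downloads.example/setup.exe
"""

def skeleton(label):
    return label.lower().translate(CONFUSABLE)

def edit_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment) distance."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def imitated_domain(host, max_distance=2):
    """Return the approved domain that `host` imitates, or None."""
    host = host.lower().rstrip(".")
    if any(host == a or host.endswith("." + a) for a in APPROVED):
        return None  # the approved domain itself or one of its subdomains
    for approved in APPROVED:
        brand = skeleton(approved.split(".")[0])
        if any(edit_distance(skeleton(l), brand) <= max_distance for l in host.split(".")):
            return approved
    return None

def find_lookalikes(log):
    """Return (client, host, imitated_domain) for each suspicious request."""
    hits = []
    for line in log.splitlines():
        _ts, client, url = line.split()
        host = urlsplit(url).hostname
        if (imitated := imitated_domain(host)):
            hits.append((client, host, imitated))
    return hits
```

Checking every label of the hostname also catches the approved name reused as a subdomain of an unrelated domain, as in the last sample line.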

Inside SharpRhino: A Rebranded Hive Ransomware

The Hunters International group is suspected to be a rebranded version of the infamous Hive ransomware gang, based on shared code patterns in SharpRhino. SharpRhino is a Remote Access Trojan (RAT): it installs a trojan executable that alters system settings and establishes a command-and-control (C2) link. Once embedded, SharpRhino can deploy additional malware and uses a Rust-based encryptor to lock files, demanding a ransom for decryption.

Hunters International: A Rising Threat in 2024

Hunters International surfaced in October 2023 and quickly became one of the top ransomware groups. By mid-2024, they ranked as the 10th most active group, claiming responsibility for 134 attacks. Operating as a Ransomware-as-a-Service (RaaS) provider, Hunters International empowers less experienced attackers to execute ransomware attacks. Motivated by financial gain, the group selectively targets organizations across sectors, notably avoiding Russian and CIS targets, hinting at possible Russian ties.

Additional Threats on the Rise

BlankBot Trojan

Android users in Turkey are now targets of BlankBot, a sophisticated trojan still under development. BlankBot can capture keystrokes, record screens, and create overlays that mimic legitimate account pages to steal data. The threat actors behind BlankBot can also control infected devices, perform gestures, capture screen images, and collect sensitive data.

CryptoKat Ransomware

CryptoKat, a new ransomware strain known for its AES encryption and rapid encryption speed, has emerged on the dark web. CryptoKat’s unique executables and fear-inducing tactics exploit Windows 11 vulnerabilities. One of the most troubling aspects is that the decryption key is not stored on the victim’s device, complicating recovery even after the ransomware is removed.

Proactive Cybersecurity: Essential Measures for Today’s Threat Landscape

In today’s cybersecurity environment, defending against threats like SharpRhino, BlankBot, and CryptoKat requires multi-layered security strategies. Key measures include:

  • Regular software updates to patch vulnerabilities.
  • Employee cybersecurity training to recognize threats.
  • Robust backup solutions to safeguard data.
  • Advanced threat detection and response tools to identify and mitigate risks early.
  • A comprehensive incident response plan to ensure fast recovery from breaches.

Conclusion: Stay Alert and Defend Against Advanced Cyber Threats

Organizations must be prepared to counter sophisticated attacks through proactive cybersecurity practices. By implementing layered security defenses, monitoring for emerging threats, and planning for quick incident responses, businesses can minimize the impact of cyber breaches and protect their critical assets.

Source: cyware.com
CyberIntelMatrix