Ransomware is getting nastier

Threat actors, just like any other software developers, are always looking for ways to improve their software. In their case this is usually done to get around the mitigations that software vendors have put in place to defend against the malware, or to move on from a vulnerability that has since been patched.

The latest variants of the HelloXD malware have apparently gone further than the usual repacking to evade anti-virus and other detection, or switching to a different vulnerability once the old one was patched. In these newest variants the encryption has been improved and strengthened, the list of malicious tasks has been expanded, and the tools used to carry those tasks out have been improved, making it easier for the threat actors to exfiltrate credentials and data from the infected systems.

HelloXD ransomware bulked up with improved encryption • The Register

Further Reading

There were two other significant ransomware stories today. The first is a real-world attack that hit a public transit authority in the US. This type of attack has a real impact on the citizens and businesses that rely on the services affected – it is exactly this collateral impact that the threat actors rely on to pressure the victim into paying. Make the attacks more vicious as well, and the impact and the pressure both increase.

Cape Cod transit bureau still recovering from Memorial Day ransomware attack – The Record by Recorded Future

The second story shows how even a small ransomware gang – Cerber2021 – can have a measurable impact on the hacking scene: malware designed to exploit a currently publicised vulnerability (the same Atlassian Confluence flaw that state-sponsored actors are also exploiting), offered as ransomware-as-a-service.

Microsoft: Ransomware groups, nation-states exploiting Atlassian Confluence vulnerability – The Record by Recorded Future

You may not be the prime target in either of the above cases, but maybe you could get caught in the fallout from such attacks, either through the impact on your supply chain or your clients, or you could be the victim of the never-ending rounds of phishing emails carrying links to, and payloads of, ransomware.

Clive Catton MSc (Cyber Security) – by-line and other articles
