Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs

by Security Boulevard

ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.

Executive Summary

ReversingLabs recently discovered a new version of the AstraLocker ransomware (AstraLocker 2.0) that was being distributed directly from Microsoft Office files used as bait in phishing attacks. Our analysis suggests that the threat actor responsible for this campaign likely obtained the underlying code for AstraLocker 2.0 from a leak of the Babuk ransomware in September 2021. Links between the two campaigns include shared code and campaign markers, while a Monero wallet address listed for ransom payment is tied to the Chaos Ransomware gang.

The post Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs appeared first on Security Boulevard.
