Security flaws observed in Conti, REvil, LockBit, AvosLocker, and BlackBasta ransomware samples could be exploited to prevent file encryption, BleepingComputer reports.
Security researcher hyp3rlinx found that the malware samples contain Dynamic Link Library (DLL) hijacking flaws. Threat actors have long used DLL hijacking to load malicious code into legitimate applications; here, however, exploit code written by the researcher and compiled into a DLL stops the malware before the encryption process begins. Organizations could place the DLL in a location likely to be targeted by ransomware, and loading the exploit DLL is expected to terminate the ransomware process immediately, according to hyp3rlinx. While ransomware groups are expected to fix the DLL hijacking vulnerabilities in their respective strains, the exploit could still help potential victims avoid operational disruption. Vulnerabilities in the popular RedLine information stealer, which has been used to exfiltrate browser-stored data and steal cryptocurrency wallets, have also been detailed by hyp3rlinx.
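The DLL hijacking weakness described above works because Windows resolves an unqualified DLL name by searching the application's own directory before the system directories, so a DLL dropped beside the executable is loaded in place of the real one. That same behaviour is what defenders look for in image-load telemetry. The following is an added detection example, not code from the article or from hyp3rlinx: it scans constructed, simplified image-load records (the `timestamp|process image|loaded image|signed` format, the `KNOWN_SYSTEM_DLLS` list and the sample log lines are all assumptions made for this example) and flags loads that match a search-order hijack pattern.

```python
"""Flag DLL search-order hijacking candidates in image-load telemetry.

Added example (not from the article). Assumed log format, one record per line:
    <utc timestamp>|<process image path>|<loaded image path>|<signed: true|false>
This mimics the fields of a Sysmon ImageLoad event but is a constructed
simplification; adapt the parser to your real telemetry source.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Directories Windows searches for an unqualified DLL name *after* the
# application directory. A DLL with a system name loaded from anywhere
# else is the classic hijack signature.
SYSTEM_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows")

# Constructed, deliberately small allow-list of DLL names that legitimately
# live under the system directories. A real deployment would build this
# from an inventory of the managed image.
KNOWN_SYSTEM_DLLS = {"version.dll", "cryptbase.dll", "dbghelp.dll", "wtsapi32.dll"}


@dataclass
class Finding:
    process: str
    dll: str
    reason: str


def _under(path: str, root: str) -> bool:
    """True if `path` is `root` or lies beneath it (case-insensitive, NT rules)."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")


def analyze_image_load(line: str) -> Optional[Finding]:
    """Apply two hijack heuristics to a single image-load record."""
    _ts, proc, image, signed = [f.strip() for f in line.split("|")]
    name = ntpath.basename(image).lower()
    in_system_dir = any(_under(image, d) for d in SYSTEM_DIRS)

    # Rule 1: a DLL that should come from System32 was loaded from elsewhere,
    # i.e. something earlier in the search order shadowed the real copy.
    if name in KNOWN_SYSTEM_DLLS and not in_system_dir:
        return Finding(proc, image, "system DLL name loaded from non-system path")

    # Rule 2: an unsigned DLL loaded from the process's own directory, the
    # first location in the search order and the usual drop point.
    if not in_system_dir and _under(image, ntpath.dirname(proc)) and signed.lower() == "false":
        return Finding(proc, image, "unsigned DLL loaded from application directory")

    return None


def analyze_log(lines: List[str]) -> List[Finding]:
    """Run the heuristics over every record and collect the findings."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        result = analyze_image_load(line)
        if result is not None:
            findings.append(result)
    return findings


# Constructed sample telemetry: a downloaded executable first loads the real
# version.dll, then a copy planted in its own directory; a second application
# loads its own helper DLL unsigned and then signed.
SAMPLE_LOG = [
    r"2024-01-01T10:00:00Z|C:\Users\alice\Downloads\sample.exe|C:\Windows\System32\version.dll|true",
    r"2024-01-01T10:00:01Z|C:\Users\alice\Downloads\sample.exe|C:\Users\alice\Downloads\version.dll|false",
    r"2024-01-01T10:00:02Z|C:\Program Files\App\app.exe|C:\Program Files\App\helper.dll|false",
    r"2024-01-01T10:00:03Z|C:\Program Files\App\app.exe|C:\Program Files\App\helper.dll|true",
]

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f.process} loaded {f.dll}: {f.reason}")
```

Rule 1 is the high-confidence signal and is what would fire whether the planted DLL is a malicious hijack of a legitimate application or a defensive "vaccine" DLL of the kind the article describes; rule 2 is noisier (many legitimate applications ship unsigned helper DLLs) and is better used to enrich a rule 1 hit or to baseline an environment than as a standalone alert.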
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.