BleepingComputer reports that the novel Onyx ransomware operation, which has already listed six victims on its data leak site, destroys large files rather than encrypting them, so those files cannot be decrypted even if victims pay the demanded ransom.
While Onyx exfiltrates data from targeted networks and engages in double-extortion attacks like other ransomware gangs, MalwareHunterTeam has observed that the group's ransomware overwrites files larger than 200MB with random junk data instead of encrypting them.
MalwareHunterTeam examined the source code of the Onyx ransomware and noted that the encryption routine intentionally overwrites larger files with random data, which makes decrypting those files impossible. Paying the ransom would only enable organizations impacted by Onyx ransomware to recover the smaller files. According to MalwareHunterTeam, the findings should prompt Onyx ransomware victims not to pay the ransom demanded by the group.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.
Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments, which threat actors have exploited through Microsoft repository-linked URLs to distribute malware made to appear as if it originated from credible entities' official source code repositories, according to BleepingComputer.