روک کا نیا رینسم ویئر بابوک سورس کوڈ پر مبنی ہے۔

Sentinel One experts دریافت کیا ہے a new ransomware Rook, which appears to be based on the long-leaked source code of the Babuk ransomware.

The malware payload is usually delivered via Cobalt Strike, using phishing emails and pirated torrents as the initial infection vector. For more stealth, Rook payloads are packaged using UPX or other cryptographic means.

When launched, the ransomware tries to terminate any processes related to security mechanisms or other things that might also interrupt encryption.

The report also notes that Rook uses vssadmin.exe to remove shadow copies.

اب تک, researchers have not found any pinning mechanisms on the system, so Rook encrypts files by adding the .Rook extension to them, and then deletes itself from the compromised machine.

The researchers write that they noticed numerous code similarities between Rook and Babuk, whose source code was published on a Russian-language forum in the fall of 2021. مثال کے طور پر, Rook uses the same API calls to get the name and status of each running service, and the same functions to kill them. اس کے علاوہ, the list of eliminated Windows processes and services is the same for both ransomware (including: بھاپ, مائیکرو سافٹ Office and Outlook email client, as well as Mozilla Firefox and Thunderbird). اس کے نتیجے میں, Sentinel One experts conclude that Rook is based on the Babuk source code.

مجھے آپ کو یاد دلانے دو کہ ہم نے یہ لکھا ہے خونساری ransomware attacks Minecraft servers, نیز اسی کے ساتھ ساتھ محققین نے دریافت کیا الفوی مورچا میں لکھا ہوا رینسم ویئر.