Vin Ransomware Blog02

Our previous post gave an initial overview of the Shamoon 2.0 sample. This analysis continues that post with more insight into how the malware works and behaves.

The destructive Shamoon malware campaign returned in January 2017, targeting several Saudi organizations. The Shamoon malware was first detected in 2012, when it wiped the data on over 30,000 computer systems and overwrote each hard drive's Master Boot Record with a picture of a burning US flag.

Update: The tool has been updated to detect the latest Jan 2017 variant of the Shamoon2 malware - 01-24-2017 03:09:15 IST

On December 1, 2016, Crowdstrike[2] reported a new targeted attack on some Gulf companies using the Shamoon malware. Shamoon is malware that infected companies in the Middle East and primarily wiped their hard disks. This new variant has been dubbed Shamoon 2.0[1].

Shade is malware of the ransomware type. Ransomware is a malicious program that, once run, modifies all important data on the computer. What counts as important data depends on the particular system attacked and may include photos, media files, documents and archives. It modifies all such data residing on the hard disk, on USB disks and/or on shared drives and folders. The modification is performed using cryptographic algorithms, so this type of ransomware is also called crypto-ransomware.

Jigsaw Ransomware, which has been propagating for the past few months, is capable not only of encrypting the victim's files but also of deleting them if the ransom is not paid. A ransomware