
Emergence of JKwerlo Ransomware in European Markets

JKwerlo has become one of the ransomware families terrorizing France and Spain. A fairly new entrant, it mostly targets individuals rather than companies.

A detailed report from Cyble Research & Intelligence Labs (CRIL) provides insights into how JKwerlo operates. The ransomware is written in Go, which points to a certain level of sophistication behind the attacks.

Distribution Methods of JKwerlo

The campaign begins with spam emails carrying language-specific HTML files that lure recipients into interacting with what appear to be legal notices or urgent information.

JKwerlo combines social engineering with technical expertise, embedding zip archives inside HTML files to carry out a multi-stage infiltration. This lets the payload reach the victim's machine while evading detection at the email gateway.
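As an added example, not code from Cyble's report, here is a small triage check a defender could run over a suspicious HTML attachment. It looks for long base64 runs, tests whether they decode to a ZIP archive, and notes script-side primitives that commonly accompany an embedded archive; the 64-character threshold, the hint strings and the sample lure page are assumptions constructed for illustration.

```python
import base64
import io
import re
import zipfile

# Long base64 runs (64+ chars) are candidates for an embedded archive (threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")

# Script-side primitives that typically accompany an embedded archive (assumed indicator list).
SMUGGLING_HINTS = ("atob(", "Blob(", "msSaveOrOpenBlob", ".download")


def looks_like_zip(data: bytes) -> bool:
    """True if the bytes start with a ZIP local-file-header signature and parse as a ZIP."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False


def scan_html(html: str) -> dict:
    """Summarize embedded ZIPs (offset and member names) and script hints found in an HTML file."""
    zips = []
    for m in B64_RUN.finditer(html):
        try:
            blob = base64.b64decode(m.group(0), validate=True)
        except ValueError:  # run is not valid base64 (e.g. a minified identifier)
            continue
        if looks_like_zip(blob):
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                zips.append({"offset": m.start(), "members": zf.namelist()})
    hints = [h for h in SMUGGLING_HINTS if h in html]
    return {"embedded_zips": zips, "script_hints": hints,
            "suspicious": bool(zips) and bool(hints)}


def build_sample_html() -> str:
    """Constructed test input: a lure page carrying a base64-encoded ZIP inside a script variable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.txt", b"placeholder content")
    payload = base64.b64encode(buf.getvalue()).decode()
    return ("<html><body><p>Your legal notice is ready.</p>"
            f"<script>var d='{payload}';var b=new Blob([atob(d)]);</script></body></html>")
```

A mail gateway or sandbox rule could apply the same check to every HTML attachment and quarantine those where `suspicious` is true.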

To carry out its tasks, JKwerlo relies heavily on PowerShell commands, which it uses to disable system utilities and move through networks.

JKwerlo uses a different infection strategy for Spanish victims, which shows the adaptability and complexity of the campaign. While the Spanish variant executes the payload directly once the victim interacts with the HTML file, the French campaign adds layers of obfuscation through PowerShell scripts and Dropbox links.

Challenges for Cybersecurity Analysts

The intricate architecture of JKwerlo poses challenges for cybersecurity analysts and researchers. Its Go-based framework and encoded PowerShell commands make analysis and detection more difficult, and mitigating the threat therefore becomes more complex.

Moreover, the encryption algorithms and methods used by JKwerlo can cause serious disruption, leading to data loss and financial consequences for those affected.

In a similar development, Dutch newspaper De Volkskrant reported that a Dutch engineer enlisted by the intelligence agencies of the Netherlands used a water pump to introduce the notorious Stuxnet malware into an Iranian nuclear facility.

Stuxnet, widely attributed to a joint operation between the United States and Israel, was designed to sabotage Iran's nuclear program by infiltrating the industrial control systems linked to nuclear centrifuges.
