Microsoft placed caution on a new strain of ransomware that uses malicious advertising to spread DanaBot, a deadly piece of malware. CACTUS is also a new strain of ransomware that causes havoc on multiple platforms.
Impact of Virus Strains
The DanaBot virus, also known as Storm-1044 is a DabaBot virus that acts as a versatile program to extract and function as a medium of entry for subsequent types of payloads. It portrays similar features of well-known viruses such as Emotet, TrickBot, QakBot, and IcedID.
A famous ransomware actor is known to be an advocate of numerous attacks, as reported by Microsoft’s threat intelligence team. The actor, Storm-0216 or Twisted Spider, performs hands-on keyboard activity. Therefore, this leads to the formation of a discrete group called UNC2198 which is responsible for past attacks. UNC2198 claims to be amongst DanaBot assaults. Thus infecting endpoints with IcedID and deploying ransomware families such as Maze and Egregor.
In addition, Microsoft admits the transit from QakBot to DanaBot is possibly the outcome of a coordinated law enforcement campaign in August 2023 that brought down QakBot’s system. The recent DanaBot approach seems to use an exclusive version of the information-stealing virus rather than the previous malware-as-a-service offering.
Following that, the virus transfers the compromised credentials to a server run by a malicious actor. They use a variety of methods to transit laterally across networks, like RDP login requests. Finally, Storm-0216 has access to the server.
Microsoft Identifies Malicious Virus in Circulation
Microsoft’s notice came only a couple of days after Arctic Wolf revealed CACTUS ransomware attacks that utilize flaws in its data analytics tool Qlik Sense. Turtle, a novel type of ransomware written in the Go programming language, is also being identified on macOS systems. Because of Gateway controls, it is authenticated with an adhoc signature to avoid initial execution.
Companies must be vigilant to protect their systems from the rising number of ransomware assaults. Maintaining a secure environment necessitates the continuous upgrade and patching of software, the implementation of efficient security measures, and the training of employees on phishing attempts.
