According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.
| Title | Available | Last Visit | FQDN | Screenshot |
|---|---|---|---|---|
| None | 🔴 | 2021-05-01 00:00:00.000000 | wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion | N/A |
| Decrypt Site | 🔴 | 2021-08-27 00:03:27.017295 | sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion | N/A |
| Employees(s) | Customer(s) | Third Party Employee(s) |
|---|---|---|
This information is provided by HudsonRock
You're leaving the Ransomare.live site. Do you want to continue?