On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This latest edition of the Ransomware Roundup covers the Dark Power and PayME100USD ransomware.

Impacted parties: Microsoft Windows Users
Impact: Encrypts files on the compromised machine and demands ransom for file decryption
Severity level: High

Dark Power Ransomware

Dark Power is a relatively new ransomware launched in early February 2023. It is a rare ransomware breed in that it was written in the Nim programming language. Information on the infection vector used by this group is not currently available; however, it is not likely to differ significantly from other ransomware groups.

Once the Dark Power ransomware is executed, it terminates the following processes to encrypt files that are presently in use:

It avoids encrypting files and directories with the following extensions: shs, readme.pdf (file name used for the ransom note dropped by Dark Power ransomware), ef.exe (file name used for the Dark Power ransomware), ntldr, thumbs.db, bootsect.bak, autorun.inf, boot.ini, iconcache.db, bootfont.bin, ntuser.dat, ntuser.ini, desktop.ini, program files, appdata, mozilla, $windows.~ws, application data, $windows.~bt, google, $recycle.bin, windows.old, programdata, system volume information, program files (x86), boot, tor browser, windows, intel, perflogs, msocache

Once files have been encrypted, Dark Power drops a lengthy ransom note as a "readme.pdf", as seen in Figure 1.
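As an added detection example (not code from the FortiGuard report), the Python below flags a process that writes the ransom-note file name the report gives, readme.pdf, into several distinct directories within a short window; the event format, the thresholds and the sample events are constructed assumptions, and the ef.exe name is taken from the report.

```python
"""Flag ransom-note drops across many directories from file-creation events.

Constructed example: Dark Power skips system directories (windows, program
files, ...), so its readme.pdf notes land in user and share directories. A
single process writing that file name into many directories in a short
window is the signal checked here. Event format and thresholds are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

RANSOM_NOTE = "readme.pdf"       # ransom-note file name given in the report
MIN_DIRS = 5                     # assumed alert threshold (distinct directories)
WINDOW = timedelta(minutes=2)    # assumed time window

# Constructed sample events: (ISO timestamp, process image, created file path)
EVENTS = [
    ("2023-02-10T09:00:00", "ef.exe", r"C:\Users\alice\Documents\readme.pdf"),
    ("2023-02-10T09:00:01", "ef.exe", r"C:\Users\alice\Pictures\readme.pdf"),
    ("2023-02-10T09:00:02", "ef.exe", r"C:\Users\alice\Desktop\readme.pdf"),
    ("2023-02-10T09:00:03", "ef.exe", r"D:\Shares\Finance\readme.pdf"),
    ("2023-02-10T09:00:04", "ef.exe", r"D:\Shares\HR\readme.pdf"),
    ("2023-02-10T09:00:05", "ef.exe", r"D:\Shares\HR\invoices\readme.pdf"),
    # benign: a user saving a single file with the same name
    ("2023-02-10T09:30:00", "winword.exe", r"C:\Users\bob\Documents\readme.pdf"),
]


def detect_note_drops(events, min_dirs=MIN_DIRS, window=WINDOW):
    """Return {process: set(directories)} for each process that created the
    ransom-note file name in at least `min_dirs` distinct directories within
    `window`. The returned set holds every directory that process wrote to."""
    by_proc = defaultdict(list)
    for ts, proc, path in events:
        if ntpath.basename(path).lower() == RANSOM_NOTE:
            by_proc[proc.lower()].append(
                (datetime.fromisoformat(ts), ntpath.dirname(path).lower()))
    alerts = {}
    for proc, drops in by_proc.items():
        drops.sort()
        start = 0
        for end in range(len(drops)):          # sliding window over timestamps
            while drops[end][0] - drops[start][0] > window:
                start += 1
            if len({d for _, d in drops[start:end + 1]}) >= min_dirs:
                alerts[proc] = {d for _, d in drops}
                break
    return alerts


if __name__ == "__main__":
    for proc, dirs in detect_note_drops(EVENTS).items():
        print(f"ALERT: {proc} dropped {RANSOM_NOTE} in {len(dirs)} directories")
```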