This devious ransomware is now more dangerous than ever TechRadar
By Sead Fadilpašić, published 13 June 2022

Encrypting files apparently isn't enough for Hello XD ransomware.

With new obfuscation techniques and attack capabilities, the Hello XD ransomware is now more dangerous than ever before, Unit 42, Palo Alto Networks' cybersecurity arm, has found.

The researchers found that Hello XD now ships a new encryptor with custom packing that helps the malware stay hidden. What's more, the encryption algorithm has changed: instead of the modified HC-128 stream cipher paired with Curve25519-Donna, this newly discovered version uses the Rabbit stream cipher, again paired with Curve25519-Donna.

Furthermore, the file marker no longer contains a coherent string but instead carries random bytes, further strengthening the cryptography. The strain also carries a link to an onion site, but according to the researchers the site is currently offline, possibly pending construction.

Deploying MicroBackdoor

Usually, ransomware operators do two things during an attack: exfiltrate all of the sensitive data to a location they control, and encrypt everything they find on the target network.
That way, even if the victim has a backup solution, the operators can still threaten to release the sensitive data online or sell it to a third party. Hello XD takes this a step further: besides the ransomware, the threat actor also deploys MicroBackdoor, an open-source backdoor that allows remote code execution, file exfiltration, and system modifications.

The backdoor's executable is encrypted with the WinCrypt API and embedded within the ransomware payload, the researchers said. The ransom note also names no specific sum in exchange for the decryption key; instead, it tells victims to open the TOX chat service and start a negotiation process.

Hello XD was first spotted late last year, when researchers described it as a spin-off from the then-popular Babuk ransomware. This newly discovered version, however, is a significant step away from Babuk, suggesting that the threat actors behind it plan to develop it further.

To stay safe from cyberattacks, businesses are urged to educate their employees on the dangers of phishing, keep their software up to date, and set up a strong antivirus and firewall solution.

Via: BleepingComputer

Sead Fadilpašić is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In a career spanning more than a decade, he has written for numerous media outlets, including Al Jazeera Balkans. He has also taught several modules on content writing for Represent Communications.