Cybersecurity experts have found a new SolidBit ransomware variant that is targeting the users of various popular games and social media platforms.
“The malware was uploaded to GitHub, where it is disguised as different applications and an Instagram follower bot to lure in victims,” cybersecurity solutions firm Trend Micro has said.
While it is not new for ransomware to disguise itself as a legitimate program or a tool as a social engineering lure, SolidBit’s new variant targets games and applications with a large user base.
Experts at Trend Micro have claimed that the League of Legends account checker on GitHub is bundled with a file that contains instructions on how to use the tool. But it is only a lure for users. Nathaniel Morales, Ivan Nicole Chavez, Monte de Jesus, Lala Manly and Nathaniel Gregory Ragasa have recently published details of their findings on the new ransomware variant. “When an unsuspecting victim runs the application, it automatically executes malicious PowerShell codes that drop the ransomware into the system,” the researchers said.
“Among the files bundled with the account checker, we also found an executable file named Rust LoL Accounts Checker.exe, which is protected by Safengine Shielden, obfuscating samples and applications to make reverse engineering and analysis more difficult,” it said.
When this file is executed, an error window appears and claims that debugging tools have been detected.
“If users click on this executable file, it will drop and execute a programme with malicious codes that drop and execute the SolidBit ransomware,” Trend Micro said.
“It will begin disabling Windows Defender’s scheduled scans and any real-time scanning of some folders,” it said.
This SolidBit variant will also terminate multiple services, delete any shadow copies and backup catalogs.
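The behaviour described above (tampering with Windows Defender, deleting shadow copies and backup catalogs) is what defenders usually hunt for in process-creation telemetry rather than waiting for the ransom note. The following is an added detection example written for this page; it is not Trend Micro's code and the article does not name the exact commands SolidBit runs, so the matched command lines (vssadmin, wbadmin, bcdedit, Set-MpPreference) are assumptions based on the recovery-inhibition and Defender-tampering techniques the text describes. The log lines and their `timestamp|parent|image|commandline` layout are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample process-creation log (not from the article). The
# "timestamp|parent|image|commandline" layout is an assumption for this example.
SAMPLE_LOG = """\
2022-08-01T10:01:02|explorer.exe|Rust LoL Accounts Checker.exe|"Rust LoL Accounts Checker.exe"
2022-08-01T10:01:05|Rust LoL Accounts Checker.exe|powershell.exe|powershell.exe -w hidden -ep bypass -c "Set-MpPreference -DisableRealtimeMonitoring $true"
2022-08-01T10:01:06|powershell.exe|vssadmin.exe|vssadmin.exe delete shadows /all /quiet
2022-08-01T10:01:07|powershell.exe|wbadmin.exe|wbadmin.exe delete catalog -quiet
2022-08-01T10:01:08|powershell.exe|bcdedit.exe|bcdedit.exe /set {default} recoveryenabled no
2022-08-01T10:05:00|explorer.exe|notepad.exe|notepad.exe readme.txt
2022-08-01T10:06:00|services.exe|vssadmin.exe|vssadmin.exe list shadows
"""

# Indicator rules. The specific commands are assumed examples of the techniques the
# article describes (inhibit system recovery, impair Defender), not SolidBit's verbatim commands.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("backup_catalog_deletion",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("recovery_disabled",
     re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I)),
    ("defender_tampering",
     re.compile(r"Set-MpPreference.*-Disable\w+|Add-MpPreference.*-ExclusionPath", re.I)),
]


def parse_line(line):
    """Split one constructed log line into its fields; command line may contain '|'-free text only."""
    ts, parent, image, cmdline = line.split("|", 3)
    return {"ts": ts, "parent": parent, "image": image, "cmdline": cmdline}


def detect(log_text):
    """Return (timestamp, rule_name, image, parent) for every line matching an indicator rule.

    A benign 'vssadmin list shadows' must not fire: the rules key on the destructive verbs.
    """
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        for name, pattern in RULES:
            if pattern.search(ev["cmdline"]):
                findings.append((ev["ts"], name, ev["image"], ev["parent"]))
    return findings


def recovery_inhibition_alert(findings, window_seconds=60):
    """True when two or more distinct indicator categories fire within the time window.

    Any single rule can be triggered by an administrator; the chain of several within
    seconds is the pattern that reflects ransomware preparing to encrypt.
    """
    events = sorted((datetime.fromisoformat(ts), name) for ts, name, _, _ in findings)
    for i, (t0, _) in enumerate(events):
        categories = {name for t, name in events[i:]
                      if (t - t0).total_seconds() <= window_seconds}
        if len(categories) >= 2:
            return True
    return False


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("recovery-inhibition alert:", recovery_inhibition_alert(hits))
```

Run against real telemetry, the same two functions apply to Sysmon Event ID 1 or EDR process-creation records once the parser is swapped for the actual field layout; the correlation step is what keeps an administrator's one-off `vssadmin delete shadows` from paging the on-call engineer while still catching the burst that precedes encryption.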
Cybersecurity experts at Trend Micro said that SolidBit ransomware is compiled using .NET and is actually a variant of Yashma ransomware, which is also known as Chaos.
“It’s possible that SolidBit’s ransomware actors are currently working with the original developer of Yashma ransomware and likely modified some features from the Chaos builder, rebranding it as SolidBit,” the researchers speculated.
How to guard oneself
Trend Micro pointed out that the hackers may be gearing up to expand their operations by recruiting ransomware-as-a-service partners, who can facilitate a wider scale of infection.
Experts have recommended the use of multifactor authentication (MFA) to prevent attackers from performing lateral movement inside a network.
“You should adhere to the 3-2-1 rule when backing up important files: three backup copies on two different file formats, with one of the copies stored in a separate location,” they said.
“You need to patch and update the systems regularly. It’s important to keep one’s operating system and applications up to date, which will prevent malicious actors from exploiting any software vulnerabilities,” it said.