Zeoticus ransomware first appeared for sale in various underground forums and markets in early 2020. Initially, the ransomware was offered as a complete custom build for an undisclosed fee.

The ransomware is currently Windows-specific and, according to the developers, functions on all “supported versions of Windows”. Unusually, there are no connectivity requirements for the payloads to execute. Zeoticus ransomware will execute fully offline, with no dependence on a C2 (Command & Control).

It is also worth noting that the malware is designed not to function in some regions, specifically Russia, Belarus, and Kyrgyzstan. Like many other families, use within the CIS is discouraged in order to avoid any backlash from regional government and law enforcement agencies.

Since late 2020 and moving into early 2021, the vendor has continued to maintain and offer updates on the Zeoticus service. A recent public announcement includes updates on file extension-based identification and performance around the prioritization and encryption of extremely large files.

In December 2020, samples of Zeoticus 2.0 were observed and reported in the wild. Multiple researchers and security vendors began to take notice and analyze these updated samples (e.g., tweet from …).

Most of the updates in Zeoticus 2.0 are focused on speed and efficiency. Specific encryption algorithms (both symmetric and asymmetric) have been employed based on their speed (e.g., Poly1305 is used for signing the primary encryption key rather than something like SHA1). Other notable features include compatibility with “all lines of Windows OSs”, with some indications that the ransomware will even run on Windows XP and earlier.