
SharpRhino: Understanding the Newest Ransomware Attack and How to Defend Against It


 

Hunters International is a rapidly growing Ransomware-as-a-Service group that emerged in October 2023. The group has quickly become a major threat actor, executing about 134 attacks through July 2024.

 

Hunters International has been reported to deliver new malware named SharpRhino, disguised as legitimately signed network administration software. This allows them to gain initial access and maintain persistence on targeted networks.

 

SharpRhino is used to launch ransomware attacks. Ransomware is a type of malware that encrypts files and presents a ransom note with payment instructions for decryption. Before encrypting files, the cybercriminals behind the SharpRhino ransomware attacks steal data from the infected devices.

 

The financially motivated ransomware group uses a two-pronged attack strategy, starting with data exfiltration and then encrypting files with a sophisticated Rust-based encryptor. 

 

The malware’s functionality includes delaying command execution and terminating its operation based on specific commands. A proof-of-concept C2 server was built to demonstrate full control over the malware, including the ability to spawn processes like the calculator application. 

 

Ransomware is a major concern for many companies. Here, we provide several ways to keep your users informed and mitigate the risk of ransomware attacks.


To keep your users informed:

  • Inform them about sponsored search results so they can avoid malvertising.

  • Encourage them to activate ad blockers to hide these results entirely.

  • Have them use bookmarks for official project sites that are known to provide safe installers.

  • Tell them about new attack vectors and provide security awareness training.

 

To mitigate the effects of ransomware attacks, take the following steps:

  • Establish a backup plan.

  • Perform network segmentation.

  • Ensure all software is up to date to reduce opportunities for privilege elevation and lateral movement.

  • Use security networks, proxies, or VPNs whenever possible.

  • Have an incident response plan to follow if you suspect ransomware.


By implementing these strategies and keeping your users informed, you can significantly reduce the risk of ransomware attacks on your organization. Stay vigilant!

 

References:


Toulas, B. (2024, Aug. 5). Ransomware gang targets IT workers with new SharpRhino malware. Bleeping Computer. https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/

 

How can CyberForce|Q services help you address this risk?


Our team can assist your organization in reviewing the devices on your system and determining the level of prioritization they need. We can conduct a penetration test for your organization to gain a thorough understanding of the gaps within your environment. Reach out to solutions@cyberforceq.com.


Learn more about CyberForce|Q.

