New CatB ransomware utilises DLL hijacking to bypass security

January 16, 2023
Tags: CatB Ransomware, Financial Malware, DLL Hijacking, Security Bypass, Cybersecurity, Cyber Threat

Researchers have discovered a new ransomware family called CatB. Based on reports, the ransomware performs DLL hijacking against the MSDTC service to deploy and run its payload.

Researchers first uncovered the ransomware sample a couple of months ago; it shares several features with the Pandora ransomware operation.


The newly found CatB ransomware uses multiple techniques to evade detection by security software.


An investigation revealed that CatB employs several anti-VM checks, followed by a DLL hijacking operation, to avoid detection by security solutions.

Before moving on to those evasion techniques, the payload first inspects the processor core count, hard drive capacity and physical memory of the targeted device.

Once the CatB payload is running on the targeted machine, it skips files with EXE, DLL, SYS, ISO and MSI extensions, as well as the NTUSER.DAT file, when encrypting.

The researchers noted that, as its post-encryption step, the ransomware prepends the ransom note to every encrypted file. Experts said this method is unusual, as most ransomware operators drop a separate ransom note to announce their attack.
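The prepended-note behaviour described above gives incident responders a usable signal: files that should be different formats but all begin with the same bytes. The triage helper below is an added example, not code from the article or from the CatB sample, and its header length, cluster threshold and sample note text are constructed assumptions.

```python
"""Post-incident triage helper (added example, not from the original
article).  The article reports that CatB writes its ransom note at the
start of every encrypted file instead of dropping a separate note, so a
defender can look for clusters of files that share identical leading bytes
even though their extensions say they should be different formats.
HEADER_LEN, MIN_CLUSTER and the sample note are assumptions for the demo.
"""
import os
import tempfile
from collections import defaultdict

HEADER_LEN = 64   # assumption: bytes compared from the start of each file
MIN_CLUSTER = 3   # assumption: files that must share a header to be reported


def read_header(path, length=HEADER_LEN):
    """Return the first `length` bytes of a file (fewer if the file is shorter)."""
    with open(path, "rb") as fh:
        return fh.read(length)


def iter_files(root):
    """Yield every regular file under `root`, recursively."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            yield os.path.join(dirpath, name)


def cluster_by_header(paths, length=HEADER_LEN):
    """Group file paths by their leading bytes.  Files too short to hold a
    full header are ignored: they cannot carry a prepended note of that size."""
    clusters = defaultdict(list)
    for path in paths:
        try:
            header = read_header(path, length)
        except OSError:
            continue  # unreadable or vanished; not a triage blocker
        if len(header) < length:
            continue
        clusters[header].append(path)
    return clusters


def suspicious_clusters(paths, length=HEADER_LEN, min_cluster=MIN_CLUSTER):
    """Report header clusters that look like a prepended ransom note.

    Two signals are combined: (1) at least `min_cluster` files share the
    identical leading bytes, and (2) those files carry more than one file
    extension.  Many legitimate files of one format share a signature, but
    a .docx, a .jpg and a .txt should never share 64 identical leading bytes.
    """
    report = {}
    for header, files in cluster_by_header(paths, length).items():
        exts = {os.path.splitext(f)[1].lower() for f in files}
        if len(files) >= min_cluster and len(exts) > 1:
            report[header] = {"files": sorted(files), "extensions": exts}
    return report


def build_sample_tree(root):
    """Write constructed sample files (not real artefacts) under `root`."""
    note = (b"[constructed sample note] your files have been encrypted. "
            b"to recover them contact the address below.\n")  # > HEADER_LEN bytes
    banner = b"# application log " + b"=" * 60 + b"\n"        # > HEADER_LEN bytes
    samples = {
        # three hit files: same prepended note, different original content
        "docs/report.docx": note + b"PK\x03\x04" + b"A" * 200,
        "pics/photo.jpg": note + b"\xff\xd8\xff\xe0" + b"B" * 200,
        "notes.txt": note + b"meeting minutes\n" + b"C" * 200,
        # untouched PNGs: same 8-byte signature, then different bytes
        "pics/a.png": b"\x89PNG\r\n\x1a\n" + b"D" * 200,
        "pics/b.png": b"\x89PNG\r\n\x1a\n" + b"E" * 200,
        # three logs sharing a long banner: one extension only, so not reported
        "logs/app1.log": banner + b"line1\n",
        "logs/app2.log": banner + b"line2\n",
        "logs/app3.log": banner + b"line3\n",
        # too short to hold HEADER_LEN bytes: skipped
        "tiny.txt": b"hello\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Build the constructed tree in a temp dir and return the triage report."""
    root = tempfile.mkdtemp(prefix="catb_triage_")
    build_sample_tree(root)
    return suspicious_clusters(iter_files(root))


if __name__ == "__main__":
    for header, info in demo().items():
        print(f"{len(info['files'])} files share header {header[:32]!r}...")
        for path in info["files"]:
            print("   ", path)
```

Run it as-is to see the constructed case; on a real host, point `iter_files` at the user data directories and review each reported cluster by hand, since the extension-diversity rule is a heuristic and a shared header of 64 bytes is not proof of encryption on its own.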

Unfortunately, CatB is not the only sophisticated ransomware to emerge recently; researchers have identified several such samples in the past few months.

RansomExx was among the threat groups that gained new attack capabilities; the group switched to the Rust language to improve its evasion.

In a similar case, researchers found the BlackByte ransomware group exploiting the “Bring Your Own Driver” (BYOD) technique to bypass security solutions.

Lastly, the Magniber ransomware group was also observed distributing fake antivirus and security updates to deliver malware onto targeted systems covertly.

Cybersecurity experts expect these threat actors to keep upgrading their evasion capabilities. Organisations are therefore advised to use indicators of compromise (IOCs) to check for the presence of these threats in their environment and to assess any potential breach.

For now, organisations should strengthen their cybersecurity defences; raising employee awareness can dramatically reduce the chance of infection by these attacks.
