Hello XD ransomware now drops a backdoor while encrypting



Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded variant with stronger encryption. Rather than pointing victims to a payment portal, the new variant directs the impacted victim to negotiations through TOX chat and onion-based messenger instances.

Hello XD Ransomware

HelloXD is a ransomware family performing double extortion attacks that surfaced in November 2021. During our research we observed multiple variants impacting Windows and Linux systems.

In the latest version, the malware operators have added an onion site link on the dropped ransom note. However, Unit 42 says the site is offline.

One of the samples was observed deploying MicroBackdoor, an open-source Windows backdoor that lets an attacker browse the file system, upload and download files, and execute commands on the host. The implant gives the operators a foothold for stealing corporate data before encryption starts on the machine, which is what the double-extortion model depends on.

Unit 42 has observed the threat actor x4k, to whom it attributes HelloXD, on various hacking and non-hacking forums, and has linked the actor to additional malicious activity such as:

  • Cobalt Strike Beacon deployment.
  • Selling proof-of-concept (PoC) exploits.
  • Crypter services.
  • Developing custom Kali Linux distros.
  • Hosting and distributing malware.
  • Deployment of malicious infrastructure.

The most interesting change in the second major version of Hello XD:

  • Switching the encryption algorithm from modified HC-128 and Curve25519-Donna to Rabbit Cipher and Curve25519-Donna. The asymmetric Curve25519 component stays in place; only the symmetric stream cipher that encrypts file contents is swapped out.
Reference: Palo Alto Networks Unit 42

Unit 42 research encountered HelloXD, a ransomware family still in its initial stages, but already intent on impacting organizations.

Indicators of Compromise for Hello XD Ransomware

HelloXD Ransomware samples



By FirstHackersNews | June 14th, 2022 | Ransomware, Security Advisory, Security Update, Tips

About the Author: FirstHackersNews - Identifies Security
