Data exfiltration malware ‘Exmatter’ upgraded with new extortion tactics


A new sample of the data exfiltration malware “Exmatter” was discovered by malware analysts with Cyderes Special Operations. The malware now carries improved data corruption capabilities that could give attackers a new extortion tactic against compromised organizations.

According to researchers from Stairwell and Cyderes, the new capability could signal a shift from traditional ransomware attacks, in which data is stolen and then encrypted, to attacks in which data is stolen and then deleted or damaged.

“As files upload to the actor-controlled server, the files that have been successfully copied to the remote server are queued to be processed by a class named Eraser. A randomly sized segment starting at the beginning of the second file is read into a buffer and then written into the beginning of the first file, overwriting it and corrupting the file,” Cyderes said.

However, Stairwell researchers believe that Exmatter’s partially implemented data destruction capabilities are still under development, because there is no mechanism to remove files from the corruption queue and because the feature that uses the Eraser class, called Erase, does not appear to be fully implemented.
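The Cyderes description points to one practical detection angle: the overwrite lands at the beginning of the file, so the file's magic bytes are the first thing lost. The following added example (not code from Cyderes, Stairwell or the original article) flags files whose leading bytes no longer match their extension; the magic table is a constructed subset and the file names are placeholders.

```python
"""Header-consistency scan for Exmatter-style corruption (added example)."""
import os
from pathlib import Path

# Constructed subset of expected leading bytes ("magic") per extension.
# Extend for the formats that matter in your environment.
MAGIC = {
    ".pdf":  [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".zip":  [b"PK\x03\x04"],
    ".png":  [b"\x89PNG\r\n\x1a\n"],
    ".jpg":  [b"\xff\xd8\xff"],
    ".gif":  [b"GIF87a", b"GIF89a"],
    ".exe":  [b"MZ"],
}


def header_mismatch(name: str, head: bytes) -> bool:
    """Return True when a file's leading bytes match none of the known magic
    values for its extension. Exmatter's Eraser writes a segment of another
    file over the *start* of the target, so the original signature vanishes.
    Files with an unknown extension are not judged (False)."""
    expected = MAGIC.get(Path(name).suffix.lower())
    if expected is None:
        return False
    return not any(head.startswith(magic) for magic in expected)


def scan_tree(root: str, head_len: int = 16) -> list:
    """Walk a directory tree and return paths whose header disagrees with
    their extension; unreadable files are skipped."""
    suspicious = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_len)
            except OSError:
                continue
            if header_mismatch(fname, head):
                suspicious.append(path)
    return suspicious


if __name__ == "__main__":
    import sys
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("header/extension mismatch:", hit)
```

A mismatch is only a lead, not proof: renamed files and uncommon formats also trip it, so triage hits against backups or file history before acting.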

“Affiliates have also lost out on profits from successful intrusions due to exploitable flaws in the ransomware deployed, as was the case with BlackMatter, the ransomware associated with previous appearances of this .NET-based exfiltration tool. Eliminating the step of encrypting the data makes the process faster and eliminates the risk of not getting the full payout, or that the victim will find other ways to decrypt the data,” Cyderes said.

The sources for this piece include an article in BleepingComputer.
