ShadowRoot Ransomware Targeting Turkish Businesses

Our X-Labs team’s research appears to have identified basic ransomware targeting Turkish businesses. The attack begins with a PDF attachment delivered in suspicious emails sent from the “internet[.]ru” domain. Links embedded in the PDF download a next-stage EXE payload when the user interacts with them. The ransomware encrypts files and gives them the “.shadowroot” extension. Currently, ransomware is actively…