Our X-Labs team’s research seems to have discovered and identified basic ransomware targeting Turkish businesses. The attack vector initiates through a PDF attachment disseminated via suspicious emails originating from the “internet[.]ru” domain. The embedded links within the PDF facilitate the download of a subsequent stage exe payload upon user interaction. It encrypts files with “.shadowroot” extension. Currently, ransomware is actively…
ShadowRoot Ransomware Targeting Turkish Businesses
- Post author:MiamiCrypto
- Post published:July 12, 2024
- Post category:Uncategorized