image credit: pixabay
Cybersecurity researchers have uncovered a new ransomware group, which after failing to directly encrypt their victim’s files, copied them into a password-protected archive, before encrypting the password, and deleting the original files.
Sharing insights into the threat actor, which identifies itself as “Memento Team,” Sean Gallagher from the Sophos MTR’s Rapid Response Team writes that the operators use a renamed freeware version of the legitimate file compression utility WinRAR.
Comments are closed.
