Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow

From heimdalsecurity.com

In a previously published piece, Heimdal® analyzed the emergent Dark Power malware, a ransomware strain written in the Nim programming language that leverages encryption techniques such as counter (CTR) mode to tighten its grip on the victim's device and, by extension, on the data hosted there. Open-source threat intelligence feeds offer very little insight into its preferred infiltration vector (the working assumption is that, statistically speaking, most ransomware is delivered via email) or into how it discovers and abuses vulnerabilities (there is insufficient data on the specific code vulnerabilities it exploits). Heimdal®'s research into vulnerability discovery and abuse associated with the Dark Power strain has revealed that the ransomware abuses kernel-related APIs at the IPC level, allowing it to move faster along the cyber kill chain. In this article, we take a closer look at those vulnerabilities and map out connections to known CVEs.

Read more…