JavaScript-based BlueCrab Ransomware Has Stopped?


The distribution of BlueCrab (Sodinokibi and REvil) ransomware exploiting JavaScript has stopped since July 13th, 2021. There have been many cases of the distribution being stopped and then resumed after going through changes, but this is the first time to have it stopped for such a long period.

BlueCrab ransomware is distributed through forum posts disguised as file download pages. When users download and run the JS file, the script downloaded through C2 is executed, infecting the system with ransomware.

Read more…