Ransomware has been taking different forms lately; only recently we reported on a ransomware strain that was a scam and deleted the user's files. Delilah is the latest blackmailware, which blackmails its target for information. Unlike other ransomware, Delilah extracts information from the target rather than money. The Trojan is not yet available on the black market and is currently being used by a controlled group of hackers.
Delilah Ransomware
Diskin Advanced Technologies has further reported that the payload is delivered to victims through downloads from popular adult and gaming sites. Once the bot has gathered all the necessary information, it uses that information to extort the victim. The information may also include details about the victim's family. As with most other malware, the bot also uses a social engineering plugin.
Surprisingly, the instructions to the victim are delivered through a complex mesh of tools such as Tor and VPN services, along with measures to remove audit trails.
That said, these bots are not completely automated and need a high level of human intervention, which makes this a risky affair for the hacker; but remember, it is always a high-stakes game. To make things easier for the attackers, they are claimed to have a social engineering and fraudster team to help them out. However, the Trojan is still said to be buggy, and it sometimes freezes up. Naturally, the threat actors want these bugs resolved.
As of now, many such malware and ransomware strains are lurking on the Dark Web. For now, the only and best precaution is to stop employees from visiting adult and gaming websites. If not handled efficiently, the recruitment of insiders will greatly damage the company's integrity.
Source: Gartner.