Octocrypt, Alice and AXLocker Ransomware, new threats in the wildSecurity Affairs

Experts from Cyble Research and Intelligence Labs (CRIL) have discovered three new families of ransomware: AXLocker, Octocrypt and Alice Ransomware.

Threat intelligence firm Cyble has announced the discovery of three new ransomware families named AXLocker, Octocrypt and Alice Ransomware.

AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. Code analysis revealed that the startencryption() The function implements the ability to search for files by listing available directories on the C: drive. The malware only targets specific file extensions and excludes a list of directories from the encryption process.

AXLocker ransomware uses AES encryption algorithm to encrypt files, unlike other ransomware, it does not change the name or extension of encrypted files.

“After encrypting victim’s files, the ransomware collects and sends sensitive information such as computer name, username, machine IP address, system UUID and Discord tokens to YOUR.” read it analysis edited by Cyble.

The malware uses regular expression to find Discord tokens in local storage files and then send them to the Discord server along with other information.

Once the ransomware encrypts the files, it displays a pop-up window containing a ransom note with instructions to contact the operators. The ransom note does not include the amount demanded from the victims to recover their files.

Cyble has also discovered a new strain of ransomware called Octocrypt, it is Golang ransomware and its operators are adopting the Ransomware-as-a-Service (RaaS) business model. The malware appeared in the threat landscape around October 2022 and is offered for 400 USD.

“The Octocrypt web panel generator interface allows TAs to generate ransomware binary executables by entering options such as API URL, Crypto Address, Crypto Amount, and Email Address of contact.” continues Cyble.

The third ransomware strain discovered by Cyble dubbed “Alice” is also offered as Ransomware-as-a-Service (RaaS).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(Security cases hacking, AXLocker ransomware)












Comments are closed.