In August 2023, researchers from Netenrich identified a new strain of ransomware called TZW [1][2], which is a derivative of a previous variant that emerged in January 2020 [2]. This strain, known as ADHUBLLKA ransomware [1], has been active since August 1, 2023 [1]. Unlike other ransomware, TZW specifically targets individuals and small businesses and demands smaller ransoms [2].

Description

ADHUBLLKA ransomware encrypts victims' information, and a unique decryption key is needed to restore it, making file recovery without the key challenging [3]. The key is stored on a server controlled by the cyber criminals responsible for the ransomware [3], and victims are required to pay a ransom to gain access to it. Paying the ransom is not recommended, as it often does not result in data recovery [3]; victims are advised to refrain from contacting the criminals and instead recover lost data from available backups [3]. It is crucial to correctly identify this strain, as previous instances of ADHUBLLKA have been misclassified as other ransomware families [2]. The research also provides insights into tracing the origins of ransomware families through communication channels and other methods [2].

Conclusion

The discovery of the TZW strain of ransomware has significant implications. Its targeting of individuals and small businesses highlights the need for heightened cybersecurity measures among these entities. Additionally, the difficulty in recovering encrypted files without the unique decryption key underscores the importance of regular data backups. The research conducted by Netenrich not only aids in correctly identifying this strain but also provides valuable insights into tracing the origins of ransomware families. Moving forward, it is crucial for individuals and organizations to remain vigilant, implement robust cybersecurity measures, and regularly back up their data to mitigate the risks posed by ransomware attacks.

References

[1] https://netenrich.com/blog/discovering-the-adhubllka-ransomware-family
[2] https://www.darkreading.com/threat-intelligence/ransomware-with-an-identity-crisis-targets-small-businesses-individuals
[3] https://adware.guru/remove-adhubllka-virus/