We have previously discussed how some cybercriminals are shifting their focus from ransomware infiltrations to cryptomining malware. In a related development, the operators of XiaoBa, a ransomware strain introduced in October last year, have modified its code to change it from cryptovirological code into malware that hijacks a computer and uses its computing power to mine cryptocurrency.
The new strain of XiaoBa doesn’t encrypt files, so affected users are not required to take measures to restore ransomware-encrypted files. However, there are bugs in the malware that can destroy some of the executable files on the affected device.
Even though XiaoBa has been around for several months, it hasn’t made the headlines. The reason is that this strain hasn’t been part of any mass-distribution campaign like the WannaCry and SamSam attacks. As of now, three versions of XiaoBa have been released by its operators, mostly targeting Chinese users.
However, some security researchers have recently discovered a XiaoBa strain with a modified script, which has been coded to destroy data and to hijack the computing power of the device. Some people might think that a change in its activity from encryption to hijacking and deleting files makes it less problematic.
But researchers have found that a scripting fault in the code has turned this ransomware into another type of nuisance: the injection of multiple pieces of code into every executable file can exhaust the space on the device and lead to a crash.
So instead of calling for help to restore ransomware-encrypted files, affected users might have to reset their device by wiping the hard disk and reinstalling the operating system. Researchers have also found that cryptocurrency mining scripts are injected into every executable file on the affected device. This means comprehensive recovery measures are needed anyway.
So we can’t take the latest version of XiaoBa too lightly because, like any ransomware, it is still capable of compromising users’ data. XiaoBa’s activity also shows that cloud backups are becoming unavoidable for every professional and personal user.