A Modified XiaoBa Code: Still Dangerous for User Data

April 20, 2018 | Simeon Georgiev

We have previously discussed how some cybercriminals are shifting their focus from ransomware infiltrations to cryptomining malware. In a related development, the operators of XiaoBa, a ransomware strain introduced in October last year, have modified its code, changing it from cryptovirological code into malware that hijacks a computer and uses its computing power to mine cryptocurrency.

The new strain of XiaoBa doesn’t encrypt files, so affected users do not need to take measures to restore ransomware-encrypted files. However, bugs in the malware can destroy some of the executable files on the affected device.

Even though XiaoBa has been around for several months, it hasn’t made headlines. The reason is that this strain hasn’t been part of any mass distribution campaign like the WannaCry and SamSam attacks. So far, its operators have released three versions of XiaoBa, mostly targeting Chinese users.

However, some security researchers have recently discovered a XiaoBa strain with a modified script, which has been coded to destroy data and to hijack the computing power of the device. Some people might think that changing its activity from encryption to hijacking and deletion of files makes it less problematic.

But researchers have found that a scripting fault in the code has turned this ransomware into another type of nuisance: the injection of multiple pieces of code into every executable file can exhaust the space on the device and lead to crashes.

So instead of seeking help to restore ransomware-encrypted files, affected users might have to reset their device by wiping the hard disk and reinstalling the operating system. Researchers have also found that cryptocurrency mining scripts are injected into every executable file on the affected device. This means comprehensive recovery measures are needed anyway.

So we can’t take the latest version of XiaoBa lightly because, like any ransomware, it is still capable of compromising users’ data. XiaoBa’s activity also shows that cloud backups are becoming unavoidable for every professional and personal user.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]