
AZORult and Hermes Join Hands to Spread Terror

August 16, 2018, by Simeon Georgiev

Ransomware removal reporters have informed the public of an updated variant of the AZORult malware that is partnering with the Hermes ransomware.

AZORult was first found in cybersecurity circles two years ago, in 2016, when it served as a subordinate to Chthonic, a virus infiltrating banks. Afterwards, the malware was used with a plethora of infection mechanisms in different malware campaigns. AZORult's modus operandi was to proliferate through spam email campaigns and as a recurrent constituent of exploit kits.

Ransomware removal researchers discovered an advertisement for AZORult on a hacking forum on 17 July 2018. An infamous cybercriminal group that goes by the name of TA516 is alleged to be the latest operator of the malware.

The above-mentioned cybercriminal group launched a number of phishing email campaigns that pretended to deliver job applications. The job documents were locked, and users were provided with a password to unlock the job details. The emails carried attached documents containing malicious payloads.

Ransomware removal analysts have strictly discouraged opening any such emails: various users entered the given password and were subsequently infected with a secondary payload of AZORult malware, which in turn dropped the Hermes ransomware to cause further damage to and exploitation of the affected systems.

Ransomware removal experts note that this is not the first cybercrime associated with TA516. Earlier, in 2017, security analysts studied the group and found it to be part of a cyber threat that used similar tactics, enticing users with job resumes. Many unemployed victims desperately clicked and downloaded malicious files laced with banking Trojans as well as crypto-malware. This malware was found to use the victims' computing resources to mine Monero and send it to the cybercriminals' remote locations.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]
© 2020 MonsterCloud.com. All Rights Reserved.