HexaLocker V2: A More Sophisticated Threat in the Ransomware Landscape

 

 
On August 9th, the HexaLocker ransomware group announced the release of HexaLocker V2, a significantly advanced version of its Windows-based ransomware. Developed using the Go programming language, this new version is reportedly supported by contributors from notorious hacking groups, including LAPSUS$. HexaLocker V2 represents a dangerous evolution in ransomware technology, incorporating more aggressive and sophisticated attack strategies aimed at maximizing damage and extortion potential. 
 
HexaLocker V2 brings several critical upgrades that make it more resilient and damaging than its predecessor. One of its major improvements is the introduction of enhanced persistence mechanisms that allow the ransomware to remain active even after system reboots. This feature ensures that once a system is infected, HexaLocker V2 maintains its hold, making it difficult to remove.

Additionally, the ransomware now employs advanced encryption techniques to secure its operations and evade detection. It uses AES-GCM for encrypting strings, Argon2 for key derivation, and ChaCha20 for fast and efficient file encryption. These technologies collectively fortify the malware’s encryption process, making it more challenging for cybersecurity tools to detect and counteract the ransomware.

One of the most notable advancements is the integration of the Skuld Stealer, an open-source da

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
