
Newly Emergent VanHelsing RaaS Operation Targets Various Platforms

The ransomware's code has been littered with exclusion list logic and file extension errors that signify its lack of maturity.

Windows, Linux, ARM, BSD, and ESXi systems have been subjected to attacks by the novel Russia-based VanHelsing Ransomware-as-a-Service operation.

According to research from Check Point, the RaaS operation has already compromised a Texas city and tech firms in the U.S. and France since its emergence earlier this month.

VanHelsing's intrusions involve the deployment of a C++-based ransomware that uses the ChaCha20 algorithm to encrypt files fully or partially, below and above the 1 GB threshold, respectively.

The toolkit used by VanHelsing also features a pair of encryption modes, researchers said. Normal mode prompts file and folder enumeration, file content encryption, and file renaming, while stealth mode separates the encryption and file renaming processes. The researchers noted that the ransomware's code has been littered with exclusion list logic and file extension errors that signify its lack of maturity.

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
