Ymir, the ransomware discovered by Kaspersky: it runs in memory and leaves almost no trace on disk


By Jack Ferson

Threats on the Internet do not let up, and attackers keep refining their tools and techniques to steal personal and financial data from home users and large companies alike.

In this landscape, malware remains one of the most dangerous threats, and families such as ToxicPanda and Winos4.0 have already compromised systems around the world. Now a new one has appeared that analysts consider particularly dangerous: the Ymir ransomware.

Kaspersky's Global Emergency Response Team (GERT) detected this previously unseen threat, which stands out for the techniques it uses to avoid detection.

It does not behave like conventional ransomware. Instead of dropping its payload on the hard drive, it executes directly from system memory, which makes it much harder for security software that relies on scanning files on disk to catch it.

A ransomware strain that stands out for how it loads and how it encrypts

Ymir is ransomware built to infiltrate computers and encrypt critical files, cutting off access to the information until the victim pays a ransom. It uses memory-management functions such as malloc, memmove and memcmp to assemble and execute its code directly in RAM.

This means the ransomware itself leaves few obvious traces on the hard drive, which makes it difficult for antivirus products to detect. How does it get onto a machine in the first place? In the intrusions Kaspersky investigated, the attackers first used credential-stealing malware, specifically RustyStealer, to obtain valid accounts and gain access to the network.

Once inside, they relied on legitimate administration tools such as Process Hacker and Advanced IP Scanner to inspect the system and map the network, then used WinRM and PowerShell commands to move to other hosts and launch Ymir, so that the ransomware could be deployed without much effort.
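The intrusion chain described above (stolen credentials, legitimate tooling, then commands pushed over WinRM) leaves process-creation evidence even when the final payload never touches disk. The following is an added example, not code from Kaspersky or from this article: a small hunt over Sysmon-style process-creation events that flags the tools named in the report and any process spawned under a WinRM remote PowerShell session. The sample events are constructed, the tool file names are assumptions (operators often rename them), and the rule relies on wsmprovhost.exe being the host process Windows uses for remote PowerShell sessions.

```python
"""Hunt for the Ymir intrusion chain in Sysmon-style process-creation
events (EventID 1): tooling named in the Kaspersky report, and processes
spawned under a WinRM remote PowerShell session.

Added example, not Kaspersky's or the article's code. SAMPLE_EVENTS is
constructed. The tool file names are assumptions; wsmprovhost.exe is the
process Windows uses to host remote PowerShell sessions, so its children
are commands that arrived over WinRM.
"""
import json
from typing import Iterable

# Binaries the article names as used before Ymir is launched (file names assumed).
SUSPECT_TOOLS = {"processhacker.exe", "advanced_ip_scanner.exe"}
# Host process for WinRM-based PowerShell remoting sessions on Windows.
WINRM_HOST = "wsmprovhost.exe"

# Constructed JSON-lines sample resembling Sysmon EventID 1 records.
SAMPLE_EVENTS = """\
{"EventID":1,"Image":"C:\\\\Windows\\\\System32\\\\svchost.exe","ParentImage":"C:\\\\Windows\\\\System32\\\\services.exe","User":"NT AUTHORITY\\\\SYSTEM","CommandLine":"svchost.exe -k netsvcs"}
{"EventID":1,"Image":"C:\\\\Tools\\\\ProcessHacker.exe","ParentImage":"C:\\\\Windows\\\\explorer.exe","User":"CORP\\\\jsmith","CommandLine":"ProcessHacker.exe"}
{"EventID":1,"Image":"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe","ParentImage":"C:\\\\Windows\\\\System32\\\\wsmprovhost.exe","User":"CORP\\\\svc_backup","CommandLine":"powershell.exe -NoProfile -Command Start-Process C:\\\\Users\\\\Public\\\\update.exe"}
{"EventID":1,"Image":"C:\\\\Windows\\\\System32\\\\notepad.exe","ParentImage":"C:\\\\Windows\\\\explorer.exe","User":"CORP\\\\jsmith","CommandLine":"notepad.exe"}
"""


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of both slash styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list[str]:
    """Return the reasons a process-creation event is suspicious (empty if none)."""
    reasons: list[str] = []
    if event.get("EventID") != 1:
        return reasons
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    if image in SUSPECT_TOOLS:
        reasons.append(f"tool seen in Ymir intrusions: {image}")
    if parent == WINRM_HOST:
        # Anything started by the WinRM host was executed remotely over PowerShell remoting.
        reasons.append(f"{image} spawned by {WINRM_HOST}: command executed over WinRM")
    return reasons


def hunt(lines: Iterable[str]) -> list[dict]:
    """Parse JSON-lines events and return one finding per suspicious event."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            findings.append({
                "user": event.get("User"),
                "image": basename(event.get("Image", "")),
                "command": event.get("CommandLine"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

On a real estate the same logic would be pointed at Sysmon or EDR telemetry; the point of the WinRM rule is that it does not depend on the payload's file name or hash, which is exactly what an in-memory loader denies the defender.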

Once the ransomware is running on a computer, it encrypts files with the ChaCha20 stream cipher, appends the extension ".6C5oy2dVr6" to each encrypted file, and drops a ransom note in PDF format with payment instructions. Note that "leaves no trace" applies to the loader, not the outcome: the renamed files, their high-entropy contents and the PDF note are all written to disk and are the first things an investigator will find.
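Because the encryption stage does leave artefacts on disk, a first-response triage can be written against them. The following is an added example, not code from Kaspersky or from this article: it walks a directory tree and reports files carrying the .6C5oy2dVr6 extension, files whose contents have the near-8-bits-per-byte entropy profile of ChaCha20 output (a possible partially-renamed or in-progress victim file), and PDF files sitting next to encrypted data, which is where the ransom note lands. The sample tree is constructed in a temporary directory, os.urandom stands in for ChaCha20 ciphertext (statistically indistinguishable for this purpose), and the note's file name README.pdf is an assumption.

```python
"""Triage a directory for the on-disk artefacts Ymir leaves behind after
running: files renamed with the .6C5oy2dVr6 extension, contents that look
like ChaCha20 output (near 8 bits/byte of entropy), and PDF ransom notes.

Added example, not Kaspersky's or the article's code. The sample tree is
constructed; os.urandom stands in for ChaCha20 ciphertext, which has the
same entropy profile. The ransom-note file name is an assumption.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

YMIR_EXT = ".6C5oy2dVr6"
HIGH_ENTROPY = 7.5        # bits per byte; encrypted or compressed data sits close to 8
SAMPLE_BYTES = 64 * 1024  # only the head of each file is examined


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_sample_tree() -> Path:
    """Create a constructed victim directory: one plain document, one encrypted
    file with Ymir's extension, one legitimately high-entropy file (a stand-in
    for a JPEG), and a ransom-note PDF. Returns the root path."""
    root = Path(tempfile.mkdtemp(prefix="ymir_demo_"))
    (root / "report.docx").write_bytes(b"Quarterly figures, plain text. " * 200)
    (root / ("budget.xlsx" + YMIR_EXT)).write_bytes(os.urandom(4096))  # stand-in for ChaCha20 output
    (root / "photo.jpg").write_bytes(os.urandom(4096))                  # compressed media looks the same
    (root / "README.pdf").write_bytes(b"%PDF-1.4\n% constructed ransom note: your files are encrypted\n")
    return root


def triage(root: Path) -> dict:
    """Classify every file under root. Returns lists of (name, entropy) for
    files with Ymir's extension and for other high-entropy files, plus the
    names of PDFs that sit in a tree that also contains encrypted files."""
    encrypted, high_entropy, pdfs = [], [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        head = path.read_bytes()[:SAMPLE_BYTES]
        ent = round(shannon_entropy(head), 2)
        if path.name.endswith(YMIR_EXT):
            encrypted.append((path.name, ent))
        elif head.startswith(b"%PDF"):
            pdfs.append(path.name)
        elif ent >= HIGH_ENTROPY:
            # Could be an in-progress victim file, or just compressed media:
            # entropy alone cannot tell these apart, hence a separate bucket.
            high_entropy.append((path.name, ent))
    # A PDF only counts as a ransom note when encrypted files sit beside it.
    ransom_notes = pdfs if encrypted else []
    return {"encrypted": encrypted, "high_entropy": high_entropy, "ransom_notes": ransom_notes}


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for bucket, items in result.items():
        print(f"{bucket}: {items}")
```

The extension is the reliable key; entropy is only a secondary signal, because a JPEG or a ZIP scores as high as ciphertext. That is why the script keeps the two buckets separate rather than declaring every high-entropy file encrypted.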

To protect yourself from Ymir, keep security software up to date and configured to inspect memory as well as files, be cautious with files and links from unknown sources, and enable two-factor authentication so that a stolen password alone is not enough. For administrators, the intrusion chain above points to two further checks: restrict and monitor WinRM and remote PowerShell, and keep offline backups so that encrypted files can be restored without paying.
