July 4, 2022
New Hello XD Ransomware Strain Executes Remote Code, Extracts Files, and Makes System Modifications

This Already Dangerous Ransomware just Got More Powerful and Damaging

The Hello XD ransomware is now capable of doing more than freezing up machines to hold them hostage; it can also make intricate system changes…

Threat actors usually deploy ransomware to seize control of computers remotely and then extort money from their victims in exchange for freeing the machines. But some strains are far more dangerous than others. That is the case with Hello XD: according to Unit 42, Palo Alto Networks’ threat research arm, this ransomware has even more destructive capabilities. It can do a lot more than just take over devices from afar.

Security experts warn that Hello XD now has a detection avoidance feature that helps the malware stay hidden. Not only does it better conceal its presence, but its encryption routine has also changed: where earlier samples used a modified HC-128 stream cipher with Curve25519-Donna, the new version uses the Rabbit cipher with Curve25519-Donna. Moreover, it no longer leaves a coherent string; instead it writes clumps of random bytes, making its output all the more indecipherable. On top of all this, the newest version of Hello XD can do substantially more damage.

Traditionally, attackers distribute ransomware to take over computers. Once it has run, they can exfiltrate practically every bit of data to a location they control, typically encrypting it in transit. So even if the victim has a backup system, the attackers can still threaten to release the sensitive data or sell it to a third party.

Plus, the new iteration of Hello XD also contains MicroBackdoor, which gives cybercriminals the ability to execute code remotely, exfiltrate files, and make system modifications. Consumers are urged to be wary of phishing schemes, keep their software up to date, and use a strong antivirus and firewall.

