Trend Micro’s security experts have discovered a new ransomware family that masquerades as the Google Software Update program.
The ransomware performs numerous anti-virtualization checks and hides the IP address of its command-and-control (C&C) server behind a Microsoft web hosting service. Trend Micro’s examination of HavanaCrypt also revealed that it uses modules from an open-source password manager during encryption and calls a .NET namespace method that queues a method for execution.
HavanaCrypt is a .NET ransomware protected with an open-source obfuscator. After execution it hides its window and checks the AutoRun registry for a ‘GoogleUpdate’ entry, carrying out its routine only if that entry is not found.
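The AutoRun ‘GoogleUpdate’ entry described above gives defenders a simple hunting point. The following PowerShell check is an added example, not code from the article or from Trend Micro; it assumes “AutoRun registry” refers to the standard per-user and machine-wide Run keys, and it uses a heuristic that the genuine updater is installed under a Google\Update folder.

```powershell
# Added hunting check (not from the article or from Trend Micro): list AutoRun
# 'GoogleUpdate' entries and flag those whose command does not point into a
# Google\Update directory. Assumption: "AutoRun registry" means these Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-SuspiciousGoogleUpdateAutorun {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Only inspect value names that imitate the real updater's name.
        $names = $props.PSObject.Properties.Name | Where-Object { $_ -like '*GoogleUpdate*' }
        foreach ($name in $names) {
            $command = [string]$props.$name
            # Assumed heuristic: the legitimate updater lives under ...\Google\Update\
            $looksLegit = $command -match '\\Google\\Update\\'
            [pscustomobject]@{
                Key        = $key
                ValueName  = $name
                Command    = $command
                Suspicious = -not $looksLegit
            }
        }
    }
}

# Print only the entries that fail the path heuristic for an analyst to review.
Get-SuspiciousGoogleUpdateAutorun | Where-Object Suspicious | Format-Table -AutoSize
```

Run it in an elevated session so the HKLM keys are readable; an empty result means no impersonating entry was found in these keys, not that the host is clean.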
Read More: https://www.securityweek.com/new-havanacrypt-ransomware-distributed-fake-google-software-update