New ‘HavanaCrypt’ Ransomware Distributed as Fake Google Software Update

New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update

Trend Micro’s security experts have discovered a new ransomware family that masquerades as the Google Software Update program.

The ransomware conducts numerous anti-virtualization checks and hides its command and control (C&C) server’s IP address by using a Microsoft web hosting service. Trend Micro’s examination of HavanaCrypt also revealed that it uses an open-source password manager’s modules during encryption and uses a namespace method function that queues a method for execution.

HavanaCrypt is an open-source obfuscator built in.NET that conceals its window after execution and checks the AutoRun registry for a ‘GoogleUpdate’ entry before carrying out its regular operations if the registry is not discovered.

Read More: https://www.securityweek.com/new-havanacrypt-ransomware-distributed-fake-google-software-update