TrendMicro discovers new ransomware threat: Rapture
In March and April 2023, cybersecurity firm TrendMicro discovered a new type of ransomware called Rapture that targets its victims using a minimalistic approach with tools that leave only a minimal footprint behind.
This malware was found to have similarities with the Paradise ransomware, but with some distinct differences in behavior.
The attackers behind Rapture used an RSA key configuration file similar to that used by Paradise, but also incorporated Themida, a commercial packer, to pack the ransomware and make analysis more difficult. Rapture requires at least a .NET 4.0 framework for proper execution, which suggests more similarities with Paradise, which has been known to be compiled as a .NET executable.
The minimalistic approach taken by Rapture is particularly concerning as it can make it harder for security software to detect and prevent the ransomware from executing. This type of ransomware is designed to leave behind only a minimal footprint, making it harder to detect and analyze the malware.
Indicators of Compromise
| SHA256/IP |
|---|
| c417a89cdc86ea6d674d2dc629ae1872b4054ac43e948e8ed60d3f3f47178598 |
| a6cd727a18e5e2a80fbd8a51c299a2030bd5e68e4bbf136e07eb9d0b3f3bb8ce |
| 619614cda94a4b6b185c0c122d11ef2b8b0b3e7fc94a1a5c2ff1ac49233df54b |
| 4222681314f5ffd69fe17ab2ae4b9aaa60866571fe2b53afc10f87e3738cedda |
| b44b4e162de1decc9a5d3c61a045eb4776c55fccd33c9eced5b9f622faee19fa |
| 367e13f234a46822aa9655690f18000319123ad07a62e56bcf8bebbfbb0de7b9 |
| 99331170be7aa48d572728f68e52ac8d3eb3c8307cb8050ce504ef9f4624a4ba |
| d793aaaba1b4b34a20432b86505b851d838def0cd722b8cbdd1d08e19a08b6ee |
| 195.123.234.101 |
| 172.82.86.148 |