New Cylance Ransomware discovered by Palo Alto Networks targeting Linux and Windows devices

Palo Alto Networks Unit 42 has discovered a new strain of ransomware known as Cylance Ransomware, which is currently targeting Linux and Windows devices. Researchers noticed the attack on Friday morning, and it has already claimed several victims. The ransomware encrypts files and adds a ".Cylance" extension to them. The attackers leave a ransom note but do not specify the ransom amount, which is disclosed only when victims contact them. The note also warns victims against restoring or changing files, claiming that doing so would destroy the private key and the data would be lost forever.

Interestingly, Cylance Ransomware shares its name with Cylance, a cybersecurity company owned by BlackBerry Ltd, which is known for preventing and mitigating ransomware attacks on enterprise organizations. It is unclear why the ransomware is named after the company; the attackers may be looking for extra attention or trying to negatively impact Cylance in the long run.

Although Cylance Ransomware is still in its early stages, it is essential to monitor its targets and wait for more information from the infosec community. Researchers have shared samples of the ransomware on MalwareBazaar, a project that shares malware samples with the infosec community, AV vendors, and threat intelligence providers.

In conclusion, the emergence of Cylance Ransomware is a reminder of the ongoing threat of ransomware attacks. Businesses and individuals must ensure that they have robust cybersecurity measures in place to protect themselves against these attacks. They should also be cautious when opening emails from unknown sources and ensure that their software and systems are up to date with the latest security patches.