New Yashma Ransomware Variant Targets Multiple English-Speaking Countries

August 8, 2023

An unknown threat actor has been using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam since at least June 4, 2023.

Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin.

“The threat actor uses an uncommon technique to deliver the ransom note,” security researcher Chetan Raghuprasad said. “Instead of embedding the ransom note strings in the binary, they download the ransom note from the actor-controlled GitHub repository by executing an embedded batch file.”

