Ransomware or Cryptominer? Rakhni can choose | Summary and Q&A

July 10, 2018
by The PC Security Channel

TL;DR

A new variant of the Rakhni malware has emerged. It infects systems primarily through spam campaigns and chooses between ransomware and crypto mining depending on the system.


Questions & Answers

Q: How is the new Rakhni variant distributed and which countries are most affected?

The malware is distributed through spam campaigns, tricking users into opening fake documents. The countries most affected by the malware are Russia, Kazakhstan, Ukraine, Germany, and India.

Q: How does the malware evade analysis on virtual machines?

The malware has a comprehensive set of checks to detect virtual machines, including process names, machine names, and virtual machine tools. If any of these are found, the malware terminates without deploying the payload.

Q: What does the malware do once it successfully infects a system?

Depending on the system's configuration, the malware decides whether to install a ransomware variant or a crypto miner. It installs a fake certificate and encrypts files in the case of ransomware, or runs as a disguised process for crypto mining.

Q: How does the malware spread to other computers on the network?

The malware has a worm component that allows it to spread to other computers on the local network, increasing its reach and potential for income generation.

Summary & Key Takeaways

  • The new Rakhni variant primarily targets countries like Russia, Kazakhstan, Ukraine, Germany, and India, while the impact on the United States is relatively lower.

  • The malware is distributed through spam campaigns, disguising itself as fake documents and Adobe Reader plugins.

  • The malware has strong anti-virtual-machine capabilities that make analysis difficult: it checks for various processes, machine names, and virtual machine tools, and avoids executing when it finds them.
