PE32 Ransomware: A New Telegram-Based Threat on the Rise

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

PE32 Ransomware is a new strain of malware that uses Telegram for command and control. Despite its amateurish execution, it encrypts files effectively and causes significant damage. The ransomware uses a two-tiered payment model: one fee to unlock files and a second fee to prevent the leak of stolen data. All of its communication goes through the Telegram Bot API, with the bot token exposed in the code. PE32 is messy and loud in operation: it drops marker files, triggers disk repairs, and encrypts even files of no value. Although it lacks sophisticated evasion techniques, it is a real threat because of its fast encryption process and the poor security hygiene of many potential victims. Its reliance on basic Windows libraries and its chaotic codebase make it both easy to analyze and potentially dangerous.
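As an added illustration that is not part of the report, the following Python flags Telegram Bot API traffic in a few constructed proxy log lines, the channel the summary says PE32 uses for C2. The log format, source hosts and token values are assumptions; the Bot API URL shape (`https://api.telegram.org/bot<token>/<method>`) is the public Telegram convention.

```python
import re
from typing import Dict, List

# Constructed sample proxy log lines (not from the report): src, HTTP verb, URL.
SAMPLE_PROXY_LOG = """\
10.0.0.21 GET https://www.microsoft.com/en-us/
10.0.0.21 POST https://api.telegram.org/bot123456789:AAExampleTokenValue_0123456789abcdefgh/sendMessage
10.0.0.21 POST https://api.telegram.org/bot123456789:AAExampleTokenValue_0123456789abcdefgh/sendDocument
10.0.0.21 GET https://api.telegram.org/bot123456789:AAExampleTokenValue_0123456789abcdefgh/getUpdates
10.0.0.34 GET https://api.telegram.org/bot987654321:BBAnotherTokenValue_0123456789abcdefgh/getUpdates
10.0.0.21 GET https://update.example.com/check
"""

# Bot API URL shape: https://api.telegram.org/bot<token>/<method>.
# The token is assumed to look like <numeric bot id>:<secret>; only the bot id is
# kept in findings so a live credential is not copied into tickets or dashboards.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)

# Methods that push data out of the host versus methods that poll for tasking.
OUTBOUND_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}
TASKING_METHODS = {"getUpdates"}


def find_bot_api_c2(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that calls the Telegram Bot API."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        src, _verb, url = parts
        m = BOT_API_RE.search(url)
        if not m:
            continue
        method = m.group("method")
        role = "outbound" if method in OUTBOUND_METHODS else (
            "tasking" if method in TASKING_METHODS else "other")
        findings.append({"src": src, "bot_id": m.group("bot_id"),
                         "method": method, "role": role})
    return findings


def summarize_by_host(findings: List[Dict[str, str]]) -> Dict[str, dict]:
    """Per source host: bot ids seen, counts, and whether it both sends and polls.
    A host that pushes data to a bot and polls the same bot for updates is a
    stronger C2 indicator than a one-off sendMessage from a legitimate tool."""
    hosts: Dict[str, dict] = {}
    for f in findings:
        h = hosts.setdefault(f["src"], {"bot_ids": set(), "outbound": 0, "tasking": 0})
        h["bot_ids"].add(f["bot_id"])
        if f["role"] in ("outbound", "tasking"):
            h[f["role"]] += 1
    for h in hosts.values():
        h["bot_ids"] = sorted(h["bot_ids"])
        h["bidirectional"] = h["outbound"] > 0 and h["tasking"] > 0
    return hosts
```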

OPENCTI LABELS:

telegram,encryption,c2 communication,two-tiered ransom,amateur execution,pe32 ransomware,bot api,exposed infrastructure
