ShadowRoot Ransomware Targeting Turkish Businesses

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

An analysis reveals a basic ransomware campaign targeting Turkish enterprises. The attack begins with a malicious PDF attachment delivered via email, containing a link that downloads an executable payload. This executable then drops further components, including a .NET binary obfuscated with dotnet confuser. The malware recursively encrypts files, giving them the .shadowroot extension, and communicates with a Russian SMTP server. Although its functionality is rudimentary, the campaign appears to be the work of an inexperienced actor aiming to extort victims through ransom demands.

OPENCTI LABELS:

ransomware,türkiye

