HavanaCrypt Ransomware Masquerading as Google Update

First observed in the wild in June 2022, HavanaCrypt ransomware masquerades as a legitimate Google Chrome update. It employs sophisticated anti-analysis techniques and carries additional functionality that may be used for data exfiltration and privilege escalation; because it drops no ransom note, encryption alone yields no profit for its author, which suggests these other capabilities are the real objective.

HavanaCrypt leverages functionality from the open-source password manager KeePass for file encryption. Its anti-analysis techniques include code obfuscation, virtual machine reconnaissance, and process killing, so that it is not easily detected by typical security measures. HavanaCrypt establishes C2 communications via an exploited Microsoft hosting address.


