Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow


In a previously released article, Heimdal® examined the emerging Dark Power ransomware, a strain that uses advanced encryption methods such as CTR mode to gain tighter control over the victim's machine and, by extension, the data it holds. The malware is written in the Nim programming language. Open-source threat-intelligence feeds offer relatively little information about its preferred infiltration route or about how it locates and exploits vulnerabilities.

According to Heimdal's analysis of the Dark Power strain's vulnerability D&A, the ransomware utilises kernel-related APIs at the IPC level to move more quickly through the cyber kill chain. In this post we examine those vulnerabilities in more detail in order to identify the relevant CVEs.

