
Why Hello XD ransomware is more virulent than others

Cybersecurity officials are worried about the increasing number of Hello XD ransomware attacks, which use stronger encryption strategies. A double extortion attack took place in November 2021, in which the threat actors stole corporate data before encrypting it. This was the first time this kind of attack was deployed.

The malware is coded with a new kind of encryptor that has custom features, as reported by Palo Alto Networks Unit 42.

The Hello XD ransomware attackers currently use Tor payment sites to extort victims and communicate with them directly over the Tox chat service. After a successful phishing attack, the Hello XD ransomware disables shadow copies to prevent system recovery. The malware then encrypts the whole system, adding the .hello extension to file names. Hello XD then uses an open-source backdoor named MicroBackdoor to extract files and wipe traces from the compromised system.
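One way to turn the sequence described above into a detection, as an added example that is not from the original article or from Unit 42: it correlates a shadow-copy deletion command with a burst of files written with the .hello extension on the same host. The command patterns, event format, time window and threshold are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumption: common shadow-copy deletion command lines; the article does not
# say which command Hello XD runs.
SHADOW_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE)
WINDOW = timedelta(minutes=10)   # assumed correlation window
MIN_FILES = 3                    # assumed threshold for a .hello burst

# Constructed sample events (host, time, type, detail); not real telemetry.
EVENTS = [
    ("ws01", "2022-06-01T10:00:05", "process", "cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    ("ws01", "2022-06-01T10:00:40", "file", r"C:\Users\a\report.docx.hello"),
    ("ws01", "2022-06-01T10:00:41", "file", r"C:\Users\a\budget.xlsx.hello"),
    ("ws01", "2022-06-01T10:00:42", "file", r"C:\Users\a\notes.txt.hello"),
    ("ws02", "2022-06-01T11:00:00", "process", "vssadmin list shadows"),
    ("ws02", "2022-06-01T11:01:00", "file", r"C:\tmp\greeting.hello"),
    ("ws03", "2022-06-01T12:00:00", "file", r"C:\a\x.pdf.hello"),
    ("ws03", "2022-06-01T12:00:01", "file", r"C:\a\y.pdf.hello"),
    ("ws03", "2022-06-01T12:00:02", "file", r"C:\a\z.pdf.hello"),
]

def detect(events, window=WINDOW, min_files=MIN_FILES):
    """Return alerts for hosts where a shadow-copy deletion is followed by a
    burst of .hello file writes inside the window."""
    deletions = {}   # host -> time of most recent shadow-copy deletion
    hits = {}        # host -> .hello paths seen since that deletion
    alerts = []
    for host, ts, kind, detail in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if kind == "process" and SHADOW_RE.search(detail):
            deletions[host] = when
            hits[host] = []
        elif kind == "file" and detail.lower().endswith(".hello"):
            start = deletions.get(host)
            if start is not None and when - start <= window:
                hits[host].append(detail)
                if len(hits[host]) == min_files:   # alert once per deletion
                    alerts.append({"host": host, "since": start.isoformat(),
                                   "files": list(hits[host])})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Requiring both signals keeps the rule quiet on hosts that only list shadow copies or only happen to hold files ending in .hello.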

Hello XD is still in its early stages of development, but the threat actor working on it is experienced. Intense cybersecurity programs can still keep it from developing new strains.
