Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks

The ransomware is rudimentary with basic functionalities, likely having been created by an inexperienced developer — but it's effective at locking up files and sucking up memory capacity.

Dark Reading Staff, Dark Reading

July 16, 2024

1 Min Read
A Turkish flag waving on a pole
Source: imageBROKER.com GmbH & Co. KG via Alamy Stock Photo

A ransomware strain coined "ShadowRoot" has been found targeting Turkish businesses through phishing attacks.

The phishing emails contain a PDF attachment disguised as an invoice with embedded malicious links. Upon user interaction, this triggers a download of a RootDesign.exe file hosted on a compromised GitHub account.

The downloaded file is a Delphi binary and, according to researchers at Forcepoint who analyzed the exe, it drops further payloads: "C:\TheDream\RootDesign.exe," "C:\TheDream\Uninstall.exe” and “C:\TheDream\Uninstall.ini".

"We have observed recursive self-process creation by RootDesign.exe, which causes the files to get encrypted multiple times, resulting in higher memory consumption," the researchers said. "It also drops many copies of encrypted files on the root."

They add that the ransomware appears "rudimentary" and likely the work belonging to an inexperienced developer.

In addition to user awareness for defense, the researchers recommend blocking the following email addresses to prevent being targeted by the Shadowroot threat actors:

  • Kurumsal[.]tasilat[@]internet[.]ru

  • ran_master_som[@]proton[.]me

  • lasmuruk[@]mailfence[.]com

Read more about:

DR Global Middle East & Africa

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
laptop with palo alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
Donald Trump standing at a podium
Сloud Security
Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in ThreatsTrump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats
byRobert Lemos, Contributing Writer
Nov 15, 2024
5 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events