A sophisticated new ransomware strain dubbed “Ebyte” is targeting Windows systems across North America and Europe. The ransomware has compromised thousands of systems since its detection three weeks ago, utilizing advanced encryption tactics that have challenged security experts.

Initial forensic analysis by researchers at Cyfirma indicates that Ebyte may be linked to the threat actor group known as BlackShadow, previously responsible for attacks on healthcare and manufacturing sectors.

Initial infection vectors primarily involve phishing emails containing malicious Office documents that exploit a recent Windows vulnerability (CVE-2025-0142). The messages typically appear as invoice reminders or shipping notifications from trusted business partners, containing documents that trigger the exploit when opened. This targeted approach suggests the attackers have specific knowledge of business operations to maximize potential ransom payments.

Once executed, the malware establishes persistence through registry modifications and scheduled tasks before disabling security tools and backup solutions. The ransomware performs a thorough system scan before encryption, prioritizing business-critical files like databases and financial records. The malware has an unusual capability to identify and target network shares even when they’re not actively mapped to the infected system. It also incorporates anti-analysis features that detect debugging environments and virtual machines, terminating execution if such environments are detected.

Ebyte implements a sophisticated hybrid encryption system combining ChaCha20 for file encryption with a unique 256-bit key for each victim. What makes Ebyte particularly concerning is its implementation of a secure key management system that generates unique encryption keys for each file. These keys are then encrypted and stored in a custom file structure, preventing the development of universal decryption tools even if researchers manage to recover individual keys from memory. The core encryption function reveals advanced obfuscation techniques designed to evade static analysis tools.

```python
import os
from Crypto.Cipher import ChaCha20  # PyCryptodome


def encrypt_file(file_path, encryption_key):
    # Fresh 96-bit nonce for every file; the 256-bit key is also per file
    nonce = os.urandom(12)
    cipher = ChaCha20.new(key=encryption_key, nonce=nonce)
    with open(file_path, 'rb') as file:
        plaintext = file.read()
    # Returning nonce || ciphertext is assumed here: the nonce has to be
    # stored with the ciphertext or the file cannot be decrypted later
    return nonce + cipher.encrypt(plaintext)
```

The ransom note also threatens to publish exfiltrated data if payment isn’t received within 72 hours, indicating the attackers employ a double-extortion strategy.

Security experts recommend keeping systems patched, implementing email filtering, maintaining offline backups, and deploying advanced endpoint protection to mitigate this emerging threat.

Tushar is a Cyber security content editor with a passion for creating captivating and informative content.
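To show why the per-file key design described above defeats a universal decryptor, here is an added example (not code from the article or from Ebyte): a key recovered from memory, plus the nonce stored next to the ciphertext, restores exactly one file and nothing else. It uses a minimal pure-Python ChaCha20 (RFC 8439) so it runs with the standard library alone; the nonce-prefixed layout, the sample file contents and the function names are constructed assumptions, not Ebyte's real file structure.

```python
import os
import struct

def _qr(s, a, b, c, d):
    """ChaCha quarter-round (RFC 8439 section 2.1) on a list of 32-bit words."""
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & 0xFFFFFFFF
        s[z] = ((s[z] ^ s[x]) << r | (s[z] ^ s[x]) >> (32 - r)) & 0xFFFFFFFF

def _block(key, counter, nonce):
    """One 64-byte keystream block for a 32-byte key and 12-byte nonce."""
    init = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574,
            *struct.unpack("<8I", key), counter, *struct.unpack("<3I", nonce)]
    w = init[:]
    for _ in range(10):  # 20 rounds: a column round then a diagonal round, x10
        for q in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _qr(w, *q)
    return struct.pack("<16I", *((w[i] + init[i]) & 0xFFFFFFFF for i in range(16)))

def chacha20(key, nonce, data):
    """XOR data with the keystream; the identical call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 64):
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], _block(key, i // 64, nonce)))
    return bytes(out)

SAMPLE_FILES = {  # constructed stand-ins for victim files, kept in memory
    "ledger.db": b"ACCOUNT,BALANCE\n1001,2500.00\n1002,910.50\n",
    "q1_report.xlsx": b"PK\x03\x04 quarterly figures (constructed sample)",
}

def encrypt_blob(plaintext):
    """Per-file 256-bit key and 96-bit nonce; returns (key, nonce || ciphertext)."""
    key, nonce = os.urandom(32), os.urandom(12)  # layout is an assumption
    return key, nonce + chacha20(key, nonce, plaintext)

def decrypt_with_recovered_key(blob, recovered_key):
    """Responder view: a key pulled from memory restores only its own file."""
    return chacha20(recovered_key, blob[:12], blob[12:])

def simulate_recovery():
    """Map (key_owner, file) -> True if key_owner's key restores that file."""
    keys, blobs = {}, {}
    for name, data in SAMPLE_FILES.items():
        keys[name], blobs[name] = encrypt_blob(data)
    return {(k, f): decrypt_with_recovered_key(blobs[f], keys[k]) == SAMPLE_FILES[f]
            for k in SAMPLE_FILES for f in SAMPLE_FILES}
```

Only the diagonal of the returned map is True: each recovered key is worth one file, which is the property that rules out a single decryptor for all victims.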
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 14:10:14 +0000