Vin Ransomware Blog02

A new virus is in circulation, and this time it is again targeting Middle Eastern countries. Interestingly enough, last month the Middle East was (and still might be) plagued with Shamoon 2.0, the deadly virus that made its comeback from the dead.

The Shamoon 2.0 malware is back again, directing outbreaks at Saudi organizations. Shamoon 2.0 is also known as the Dark Disttrack wiper. The main purpose of this malware is data destruction. Once the malware infects the victim's system, it spreads across the network and expunges the data stored on the victim device.

Our previous post gave an initial overview of the Shamoon 2.0 sample. This analysis is a continuation of that post, with more insight into the working and behavior of the malware.

The destructive Shamoon malware campaign returned in January 2017, targeting several Saudi organizations. The Shamoon malware was first detected in 2012, when it wiped the data on over 30,000 computer systems and rewrote the hard drive Master Boot Record with a picture of a burning US flag.

Update: The tool has been updated to detect the latest Jan 2017 variant of the Shamoon2 malware - 01-24-2017 03:09:15 IST

On December 1, 2016, CrowdStrike[2] reported a new targeted attack on some Gulf companies using the Shamoon malware. Shamoon is malware that infected companies in the Middle East and primarily wiped their hard disks. This new variant is dubbed Shamoon 2.0[1].