In the latest dark web news, a threat actor has announced the qBit Ransomware-as-a-Service (RaaS), an innovative and highly adaptable malware written in the Go programming language.
The qBit ransomware is designed to target both Windows (from Win 7 to 11) and various Linux distributions, with an ESXi variant currently in the works.
Its capabilities include lightning-fast encryption through a hybrid logic, multiple encryption modes, swift execution, and several unique security features.
The Birth of qBit Ransomware: An asset for cybercriminals
The qBit ransomware, forged from the ground up in Go, boasts remarkable concurrency functionalities. This translates to accelerated operation speeds, minimal detection rates, and enhanced versatility.
It has been rigorously tested on an array of operating systems, including Windows variants spanning from Win 7 to 11 (both X32 and X64), as well as popular Linux distributions like CentOS, Ubuntu, Linux Mint, Endeavour OS, and Fedora (all X64).
Additionally, an ESXi variant is currently in the early stages of development, promising a broader attack surface in the near future, which could shake the infrastructure of various big organizations — making it a menacing threat on the dark web.
qBit RaaS: Empowering the criminal campaign
Since the inception of ransomware, the Ransomware-as-a-Service (RaaS) model has played an important role in the proliferation of these malicious attacks. qBit RaaS’s creators are actively seeking affiliates to join their ranks.
Distinctive features of qBit ransomware
- Swift Encryption with a Hybrid Logic: Leveraging Salsa20 and RSA 2046 algorithms, qBit ensures a rapid encryption process.
- Flexible Encryption Modes: The ransomware offers three modes – Full, Partial, and Smart – allowing for tailored approaches to data encryption.
- Timely Execution: qBit ransomware works around prompt execution, ensuring minimal disruption during the encryption process.
- Enhanced Security Measures: The ransomware employs obscured binaries, rendering analysis and detection efforts significantly more challenging for security analysts.
- Anti-Analysis Techniques: qBit incorporates anti-analysis measures to thwart attempts at reverse engineering.
- Direct Syscalls and Multi-Threading: These features enhance the ransomware’s operational efficiency, ensuring optimal performance.
- Decryption Tool: A decryption tool is thoughtfully included, affording victims a potential lifeline to recover their encrypted files.
Tailored Exploitation with qBit ransomware
According to PCrisk, the qBit RaaS has been promoted in hackers’ forums. Its evasion of EDR solutions makes detection and mitigation challenging, often leaving victims unaware until substantial harm has been done.
For buyers seeking additional customization, the dark web user behind the qBit ransomware sale offers pre-execution shell-code injection, file exfiltration, and personalized target information reporting, all at no extra cost.
While qBit RaaS sports an optional user interface enabled through the “-log” parameter, it is important to note that threat actors can use this to penetrate organizations’ defense while being completely hidden from threat detection systems.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
