RedAlert and Monster Jam Operating Systems
RedAlert employs malware written in plain C, as detected in a Linux sample, Kaspersky found. RedAlert differs from other ransomware groups in that it accepts payments only in the Monero cryptocurrency, making the money harder to trace. Kaspersky, which offers an MSP partnership program, notes that Monero is not accepted in every country or by every exchange, so victims might have trouble paying the ransom.

Detected in July 2022, the Monster ransomware group uses Delphi, a general-purpose programming language, to write its malware and exploit various operating systems, Kaspersky reports. Interestingly, the attack uses a graphical user interface (GUI), a component that has never been implemented by ransomware groups before.

Moreover, cybercriminals executed ransomware attacks through the command line in an automated way. The Monster ransomware authors included the GUI as an optional command line parameter, according to the sample Kaspersky experts extracted.

Jornt van der Wiel, senior security researcher for Kaspersky’s Global Research and Analysis Team, offered his take on the current state of ransomware attacks:

“We’ve got quite used to the ransomware groups deploying malware written in cross-platform language. However, these days, cybercriminals learned to adjust their malicious code written in plain programming languages for joint attacks, making security specialists elaborate on ways to detect and prevent the ransomware attempts. We also draw attention to the importance of constant reviewing and updating patch policies that are applied by companies.”