Unveiling a New Threat: Osiris Ransomware Strikes with BYOVD Attack

Protecting Against Ransomware Attacks: A Comprehensive Guide

One of the key problems with ransomware encryption, according to Coveware, is a failure to write the encrypted temporary key to the file’s footer when encrypting large files. The issue becomes critical for files over 1GB: the footer is never created, so the decryption key is lost and the files are permanently unrecoverable.

A new ransomware variant, known as 01flip, has emerged targeting a specific group of victims in the Asia-Pacific region. Developed in Rust, this ransomware is capable of infecting both Windows and Linux systems. The attack vectors typically exploit known security vulnerabilities like CVE-2019-11580 to infiltrate target networks. The threat actor behind this ransomware, identified as CL-CRI-1036, is financially motivated.

To safeguard against targeted ransomware attacks, organizations are strongly advised to implement several security measures. These include monitoring the use of dual-use tools, limiting access to RDP services, enforcing multi-factor authentication (2FA), utilizing application allowlisting where possible, and storing backup copies off-site.

While traditional ransomware attacks involving encryption continue to pose a significant threat, a new trend of encryptionless attacks has emerged, increasing the overall risk landscape. Symantec and Carbon Black highlight the evolving nature of ransomware threats, where encryption-based attacks are just one aspect of a broader extortion ecosystem.
