Researchers Warn of Novel PXJ Ransomware Strain

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,387
Researchers have discovered a new strain of ransomware, dubbed “PXJ,” which emerged in the wild in early 2020.

While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said. They first identified PXJ on Feb. 29, after discovering two samples that were uploaded to VirusTotal by a user from the community.

“The emergence of new ransomware strains is almost a daily occurrence nowadays, facilitated by the ability of new threat actors to buy ransomware for a low cost or even obtain code for free on some forums,” said Megan Roddie, cyber-threat researcher with IBM X-Force in a Thursday post. “Additionally, organized cybercrime gangs use ransomware to extort organizations and force them to negotiate ransom amounts to the tune of millions of dollars in each case.”

Roddie told Threatpost that at this time, the initial infection vector of the ransomware is unknown. Similar to other ransomware strains, once it infects a system, PXJ starts its attack chain by disabling the victim’s ability to recover files from deleted stores. It empties the recycle bin (using the “SHEmptyRecycleBinW” function), and then executes a series of commands to prevent the recovery of data that’s been encrypted. These include deleting volume shadow copies, which can create backup copies in Microsoft Windows, and disabling the Windows Error Recovery service.

Then the ransomware begins the file encryption process. Based on the ransom note, researchers were able to glean that the encryption process includes encrypting photos and images, databases, documents, videos and other files on the device. PXJ uses double encryption (both AES and RSA algorithms) to lock data down, which researchers said is a practice that is quite common to prevent potential recovery by breaking the encryption.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top