A new ransomware strain named JanaWare is actively targeting individuals and businesses in Turkey, according to a recent report from cybersecurity firm Acronis. This operation, ongoing since 2020, employs a strategy of low ransom demands, typically between $200 and $400, suggesting a high-volume approach to maximize profits. The localized nature of these attacks has helped them evade widespread detection, The Record reports.JanaWare primarily infects home users and small to medium-sized businesses through phishing emails containing malicious Java archives. The attacks are initiated by the Adwind malware, which uses obfuscation to hinder detection. Crucially, JanaWare enforces execution constraints based on system locale and IP geolocation, ensuring it only operates on systems within Turkey. Ransom notes are written in Turkish, and victims are directed to contact attackers via qTox. Some incidents begin with a Google Drive link in an Outlook email, leading to the download of the malicious file that encrypts victim data.The targeted nature of JanaWare, focusing exclusively on Turkey, presents challenges for international security researchers and highlights a trend of localized ransomware campaigns. This development occurs amidst a broader fragmentation of the ransomware ecosystem, with law enforcement and cybersecurity firms reporting an increase in new ransomware variants.Source:The Record
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
