#Summary:
- An unidentified threat actor from Vietnam has been engaging in a ransomware campaign using a variant of the Yashma ransomware.
- The attackers retrieve ransom notes from their GitHub repository instead of embedding them in the malware binary, evading traditional endpoint security measures.
- The threat actor appears to target English-speaking countries, Bulgaria, China, and Vietnam.
- There are clues suggesting a Vietnamese origin for the attacker.
- The ransomware variant employed is a customized version of Yashma, with anti-recovery capabilities.
- The attackers demand ransom payments in Bitcoin and double the ransom amount if the victim fails to pay within three days.
- Indicators of Compromise (IoCs) can be found in Cisco Talos' GitHub repository.
#Hashtags:
#Ransomware #Vietnam #Yashma #ThreatActor #Bitcoin
https://www.infosecurity-magazine.com/news/vietnamese-ransomware-mimics/