M3rcury Ransomware Leaks on Dark Web Cybercrime Forum

A post on a TOR-based private cybercrime dark web forum is advertising the source code of an advanced FUD ransomware, dubbed M3rcury.
Updated on
February 27, 2023
Published on
July 22, 2021
Category Malware Intelligence
Affected Industries Education
Affected Region Global
 

Executive Summary

  • CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a TOR-based private cybercrime dark web forum, advertising the source code of an advanced FUD (fully undetectable) ransomware, dubbed M3rcury.
  • The threat actor has quoted a price of EUR 170 / USD 207 for the source code.
  • The threat actor claims that M3rcury is built entirely from scratch and uses a unique multi-password piecewise encryption mechanism to evade anti-ransomware protection.
Figure: Post on the underground forums for the sale of M3rcury Ransomware

Analysis

Features of M3rcury

Based on the research and findings conducted by the CloudSEK Threat Intelligence team, the features of this ransomware code include:
  • Removal of backups from the victim’s system
  • Hybrid RSA AES-256 encryption
  • UAC bypass
  • Sandbox detection
  • Evasion of heuristic analysis
  • Heavy obfuscation
  • Scan-time packing and encryption
  • Encryption mechanism to defeat anti-ransomware detection
  • Works on Windows 7/10
What does the purchase include?

According to the seller, the purchase of this malware includes the following:
  • Attacker side decryption source code written in golang.
  • A copy of the main ransomware executable in both 32 and 64 bit.
  • A unique private key for victim decryption.
  • Access to all future updates.
 

Impact & Mitigation

Impact

  • M3rcury ransomware eventually leads to network compromise, as it evades anti-ransomware software.
  • It can be leveraged to extort large volumes of data from its victims.
  • M3rcury restricts access to user data via encryption/locking.

Mitigation

  • Train employees to identify phishing attempts, including phishing emails that contain weaponized attachments or malicious links.
  • Employ an effective IDPS/NGFW within the corporate network to prevent ongoing attacks.
  • Secure RDP/VPN endpoints to prevent initial entry into the internal network.
  • Audit internal networks properly, especially on-premise Active Directory.
  • Restrict user privileges and permissions; grant elevated rights only where absolutely necessary.
