Upstart Ransom Cartel linked to REvil veterans

It has been almost a year since the ransomware gang Ransom Cartel was first detected and the crew over that time has racked up a steady drumbeat of victims in such countries as the United States and France and from a broad array of industry sectors. Analysts at MalwareHunterTeam believe the group has been active since December …

  1. Pascal Monett Silver badge
    WTF?

    API hashing ?

    How on Earth does that work ?

    I get code obfuscation, I get memory management, I get encryption, but how do you hash an API call in a way that allows you to get a useful answer ?

    I've used APIs before. If you don't send exactly the properly formatted call, you get an error in return.

    So ?

    1. diodesign (Written by Reg staff) Silver badge

      Re: API hashing ?

      It's a way to obfuscate the Windows API calls used by malware to make reverse engineering more tricky. It's down at the executable level, where the program imports functions from libraries. See:

      https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware

      C.
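An added example, not part of the comments or the linked article: how an analyst can map hash constants found in a binary back to the Windows API names they stand for. It assumes a rotate-right-13 additive hash over the export name, one commonly documented scheme; the page does not say which scheme Ransom Cartel uses, and the export list and sample bytes are constructed.

```python
import struct

MASK = 0xFFFFFFFF

def ror32(value, bits):
    """Rotate a 32-bit value right by `bits`."""
    return ((value >> bits) | (value << (32 - bits))) & MASK

def ror13_hash(name):
    """Assumed scheme: rotate right by 13, then add each ASCII byte of the export name."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK
    return h

def build_lookup(export_names, hash_fn=ror13_hash):
    """Precompute hash -> [names]; a list keeps any collisions visible."""
    table = {}
    for name in export_names:
        table.setdefault(hash_fn(name), []).append(name)
    return table

def scan_blob(data, table):
    """Report (offset, names) for every little-endian dword that is a known API hash."""
    hits = []
    for off in range(len(data) - 3):
        (value,) = struct.unpack_from("<I", data, off)
        if value in table:
            hits.append((off, table[value]))
    return hits

# Constructed list; in practice this is every export dumped from kernel32.dll, ntdll.dll, etc.
KNOWN_EXPORTS = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateFileW", "WriteFile"]
TABLE = build_lookup(KNOWN_EXPORTS)

# Constructed sample: filler bytes around two hash constants, standing in for
# immediates found in a binary whose import table shows no readable API names.
SAMPLE = (b"\x90\x90\x90\x68" + struct.pack("<I", ror13_hash("LoadLibraryA"))
          + b"\x68" + struct.pack("<I", ror13_hash("VirtualAlloc")) + b"\xc3")

if __name__ == "__main__":
    for off, names in scan_blob(SAMPLE, TABLE):
        print(f"offset {off:#04x}: {', '.join(names)}")
```

Because the program only ever compares hashes, the name strings never appear in the file; the analyst recovers them by hashing every known export the same way and matching constants, which is what `scan_blob` does.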

      1. Pascal Monett Silver badge

        Re: API hashing ?

        Now that is an interesting link. It's going to take me some time to wrap my head around that.

        Thank you.

  2. devin3782

    Well, we already have voyeurism-as-a-service from the four horsemen of the privacy apocalypse (Apple, Google, Amazon, Samsung), so I guess why not have crime-as-a-service? Seems like a logical next step.
