Upstart Ransom Cartel linked to REvil veterans

It has been almost a year since the ransomware gang Ransom Cartel was first detected and the crew over that time has racked up a steady drumbeat of victims in such countries as the United States and France and from a broad array of industry sectors. Analysts at MalwareHunterTeam believe the group has been active since December …

  1. Pascal Monett Silver badge
    WTF?

    API hashing ?

    How on Earth does that work ?

    I get code obfuscation, I get memory management, I get encryption, but how do you hash an API call in a way that allows you to get a useful answer ?

    I've used APIs before. If you don't send exactly the properly formatted call, you get an error in return.

    So ?

    1. diodesign (Written by Reg staff) Silver badge

      Re: API hashing ?

      It's a way to obfuscate the Windows API calls used by malware to make reverse engineering more tricky. It's down at the executable level, where the program imports functions from libraries. See:

      https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware

      C.

      1. Pascal Monett Silver badge

        Re: API hashing ?

        Now that is an interesting link. It's going to take me some time to wrap my head around that.

        Thank you.
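The technique discussed in this sub-thread seen from the analyst's side, as an added example that is not part of the original comments or the linked article: the binary stores only a hash of each function name and compares it with hashes of a library's exported names at run time, so a defender precomputes the same hashes over known exports and maps the constants back to names. The ROR-13 additive hash, the export list and the sample constants are assumptions chosen for illustration; the thread does not say which algorithm Ransom Cartel uses.

```python
"""Analyst-side lookup: map hashed API constants back to export names."""

MASK32 = 0xFFFFFFFF


def ror32(value, bits):
    """Rotate a 32-bit value right by `bits` positions."""
    return ((value >> bits) | (value << (32 - bits))) & MASK32


def ror13_hash(name):
    """ROR-13 additive hash of an ASCII name (assumed algorithm, for illustration)."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h


def build_lookup(export_names, hash_fn=ror13_hash):
    """Precompute hash -> [names]; collisions are kept, not overwritten."""
    table = {}
    for name in export_names:
        table.setdefault(hash_fn(name), []).append(name)
    return table


def resolve(constants, table):
    """Map each 32-bit constant seen in a binary to candidate API names."""
    return {c: table.get(c, []) for c in constants}


# Constructed input: a few kernel32.dll export names. A real table is built
# from the full export lists of the system DLLs.
KNOWN_EXPORTS = ["CreateFileW", "ReadFile", "WriteFile",
                 "VirtualAlloc", "GetProcAddress", "LoadLibraryA"]

# Constructed stand-ins for immediates found in a disassembly: two that
# correspond to known exports and one unrelated value.
SAMPLE_CONSTANTS = [ror13_hash("VirtualAlloc"), ror13_hash("WriteFile"), 0xDEADBEEF]

if __name__ == "__main__":
    lookup = build_lookup(KNOWN_EXPORTS)
    for const, names in resolve(SAMPLE_CONSTANTS, lookup).items():
        print(f"0x{const:08X} -> {names or 'unresolved'}")
```

A constant that stays unresolved usually means the hash function or the export list differs from what the sample uses, which is itself a useful triage signal.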

  2. devin3782 Silver badge

    Well, we already have voyeurism-as-a-service from the four horsemen of the privacy apocalypse (Apple, Google, Amazon, Samsung), so I guess why not have crime-as-a-service? Seems like a logical next step.
