In a new blog post researchers from ESET researchers reveal that that the authors behind the infamous Dridex banking trojan are also behind the high-profile, sophisticated ransomware variant FriedEx.
The ransomware was discovered in early July 2017 by Michael Gillespie. In August, it returned to the spotlight and made headlines by infecting NHS hospitals in Scotland.
FriedEx focuses on higher profile targets and companies rather than regular end users and is usually delivered via an RDP brute force attack. The ransomware encrypts each file with a randomly generated RC4 key, which is then encrypted using the hardcoded 1024-bit RSA public key.
In December 2017, ESET took a closer look at one of the FriedEx samples and almost instantly noticed the resemblance of the code to Dridex. Intrigued by the initial findings, ESET dug deep into the FriedEx samples, and found out that FriedEx uses the same techniques as Dridex to hide as much information about its behaviour as possible.
Further analysis revealed a number of additional attributes that confirmed ESET’s initial suspicions – the two malware families were created by the same developers.
The full blog post detailing ESET’s discovery can be found here, however let me know if you have any questions or would like to speak to one of their researchers.