RansomHouse Enhances Ransomware Encryption Techniques Amid Rising Threats
Full Transcript
The RansomHouse ransomware-as-a-service operation has recently upgraded its encryption techniques, moving from a single-phase linear method to a more complex multi-layered approach. The new encryptor, dubbed Mario, uses a two-stage transformation process that employs a 32-byte primary key and an 8-byte secondary key, significantly increasing encryption entropy and complicating partial data recovery.
This upgrade also incorporates a dynamic chunk sizing strategy, which enhances the non-linearity of the encryption process and makes static analysis more challenging. Furthermore, Mario improves memory layout and buffer organization, deploying multiple dedicated buffers for different stages of encryption.
The updated variant continues to target virtual machine files and renames encrypted files with the .emario extension while dropping a ransom note titled 'How To Restore Your Files.txt' in all affected directories.
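The two file-system indicators named above can be swept for during triage. The following is an added example, not code from the Unit 42 report: the function names are hypothetical, and the case-insensitive matching and the use of the earliest modification time as a rough encryption-start marker are assumptions.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_EXT = ".emario"                      # extension named in the article
RANSOM_NOTE = "How To Restore Your Files.txt"  # note title named in the article

def sweep(root):
    """Walk root; return {directory: finding} for each directory holding an indicator."""
    findings = defaultdict(lambda: {"note": False, "encrypted": [], "first_seen": None})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # assumption: match case-insensitively
            if lower == RANSOM_NOTE.lower():
                findings[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                entry = findings[dirpath]
                entry["encrypted"].append(name)
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # unreadable or vanished; the file is still counted
                if entry["first_seen"] is None or mtime < entry["first_seen"]:
                    entry["first_seen"] = mtime
    return dict(findings)

def confidence(finding):
    """Note plus renamed files is a stronger signal than either indicator alone."""
    if finding["note"] and finding["encrypted"]:
        return "high"
    return "medium" if finding["encrypted"] else "low"

def report(root):
    """One tab-separated line per affected directory, sorted by path."""
    lines = []
    for directory, f in sorted(sweep(root).items()):
        ts = (datetime.fromtimestamp(f["first_seen"], timezone.utc).isoformat()
              if f["first_seen"] is not None else "n/a")
        lines.append(f"{confidence(f)}\t{directory}\tencrypted={len(f['encrypted'])}"
                     f"\tnote={f['note']}\tearliest_mtime={ts}")
    return lines

if __name__ == "__main__":
    import sys
    print("\n".join(report(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted datastore or file share path; the earliest modification time per directory helps order affected locations when building an incident timeline.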
According to a report from Palo Alto Networks Unit 42, these advancements in RansomHouse's encryption signal a concerning trend in ransomware development: the threat landscape is evolving, and organizations must enhance their defenses against increasingly sophisticated attacks.