A new extortion group called Mad Liberator is targeting AnyDesk users.
They use a fake Windows update screen to distract victims while stealing data.
This operation began in July, and no data encryption has been observed yet.
The group claims they use AES/RSA encryption for file locking.
Attacks start with an unsolicited connection over AnyDesk, a remote-access tool popular in corporate IT.
The exact target selection method is unclear; they may try random AnyDesk IDs.
During the attack, AnyDesk’s File Transfer tool is used to steal data from OneDrive, network shares, and local storage.
Victims' keyboards are disabled to avoid disruption during data theft.
Although no data encryption is done, ransom notes are left in network directories.
The group does not contact targets before the AnyDesk connection and avoids phishing.
They first offer to help recover files if the ransom is paid; otherwise, they publish the stolen files online once the deadlines pass.