logo
Questions? +1 (202) 335-3939 Login
Set Up FREE Account Submit Release
Trusted News Since 1995
A service for banking industry professionals · Tuesday, April 22, 2025 · 805,686,811 Articles · 3+ Million Readers
Got News to Share? Send 2 FREE Releases
News Search | All News Topics > World Bank News Topics: By Country | By State ; Press Releases by Industry Channel > All World Bank Press Releases

ANY.RUN Uncovers New PE32 Ransomware Targeting Businesses with Double Extortion

DUBAI, DUBAI, UNITED ARAB EMIRATES, April 22, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence services, has released a new report by Mauro Eldritch detailing the emerging PE32 Ransomware, a rapidly spreading threat that poses significant risks to organizations across industries.

๐๐„๐Ÿ‘๐Ÿ ๐‘๐š๐ง๐ฌ๐จ๐ฆ๐ฐ๐š๐ซ๐ž: ๐€ ๐†๐ซ๐จ๐ฐ๐ข๐ง๐  ๐“๐ก๐ซ๐ž๐š๐ญ ๐ญ๐จ ๐‚๐จ๐ซ๐ฉ๐จ๐ซ๐š๐ญ๐ž ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ

PE32โ€™s ability to encrypt critical files and exfiltrate data threatens organizations in banking, retail, healthcare, manufacturing, and technology. Some of its key functionalities include:

ยท Rapid File Encryption: PE32 targets visible folders like the Desktop, appending a .pe32s extension, and begins encryption after minimal user interaction.

ยท Dual Ransom Demands: Unlike typical ransomware, PE32 employs a two-tier payment model: $700 to $7,000 for file decryption and $10,000 to 2 BTC for preventing data leaks.

ยท Telegram-Based Command and Control (C2): The ransomware uses the Telegram Bot API for communication, with exposed bot tokens making it traceable but no less disruptive.

Its lack of obfuscation and reliance on basic Windows libraries highlight inexperienced authors behind the threat, yet its active development signals growing danger.

Read detailed analysis of this ransomware strain on ANY.RUNโ€™s blog.

๐‡๐จ๐ฐ ๐€๐๐˜.๐‘๐”๐ ๐‡๐ž๐ฅ๐ฉ๐ฌ ๐‚๐จ๐ฆ๐ฉ๐š๐ง๐ข๐ž๐ฌ ๐ƒ๐ž๐ญ๐ž๐œ๐ญ ๐š๐ง๐ ๐€๐ง๐š๐ฅ๐ฒ๐ณ๐ž ๐๐„๐Ÿ‘๐Ÿ

Using ANY.RUNโ€™s Interactive Sandbox, organizations can analyze PE32 Ransomware in a secure, cloud-based environment. The service simplifies extraction of Indicators of Compromise (IOCs), monitors Telegram-based C2 activity, and maps attack behaviors, enabling faster response and recovery.

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐

ANY.RUN empowers organizations in banking, manufacturing, telecommunications, healthcare, retail, and technology with cutting-edge malware analysis and threat intelligence. Its cloud-based Interactive Sandbox, paired with advanced tools like TI Lookup and YARA Search, helps businesses analyze threats in under 40 seconds, building resilient cybersecurity operations.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
X
YouTube

Powered by EIN Presswire

Distribution channels: Banking, Finance & Investment Industry, Business & Economy, IT Industry, International Organizations, Technology

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Submit your press release

World Bank News Today by EIN Newsdesk & EIN Presswire (a press release distribution service)

Follow us on Facebook and connect with us on LinkedIn

Newsmatics Inc., 1025 Connecticut Avenue NW, Suite 1000, Washington, DC 20036 · Contact · About

© 1995-2025 Newsmatics Inc., a publisher of EIN News · All Rights Reserved · Privacy Policy · User Agreement