Last Updated on 05/02/2022 by Nidhi Khandelwal
With minimal ransom demands, a new Sugar Ransomware campaign deliberately targets individual machines rather than corporate networks.
‘Sugar,’ a new Ransomware-as-a-Service (RaaS) operation first uncovered by the Walmart Security Team in November 2021, has been quietly gaining traction.
The ransomware’s name is derived from the operation’s affiliate site, which Walmart identified as a sugar panel.
Unlike most ransomware attacks reported in the news, Sugar appears to be targeting individual computers, most likely belonging to consumers or small enterprises, rather than large networks.
As a result, it’s unclear how the ransomware is distributed or how it infects victims.
When the Sugar Ransomware is first launched, it will connect to whatismyipaddress.com and ip2location.com in order to obtain the device’s IP address and geographic location.
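Both lookup services are legitimate sites, so a single query to either is weak evidence; the same host querying both within a short time is a narrower signal to hunt for. The following detection sketch is an added example, not code from the article or from Walmart's analysis, and the log format, the 60-second window and all function names are assumptions.

```python
from datetime import datetime, timedelta

# The two lookup services the article says Sugar contacts at launch.
LOOKUP_DOMAINS = ("whatismyipaddress.com", "ip2location.com")
WINDOW = timedelta(seconds=60)  # assumed correlation window, tune per environment

def match_domain(qname):
    """Return the watched domain that qname equals or is a subdomain of, else None."""
    name = qname.rstrip(".").lower()
    return next((d for d in LOOKUP_DOMAINS if name == d or name.endswith("." + d)), None)

def parse_line(line):
    """Parse 'ISO-timestamp client-ip qname'; return None for malformed lines."""
    parts = line.split()
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except (ValueError, IndexError):
        return None

def find_paired_lookups(lines, window=WINDOW):
    """Return {client: (first_ts, second_ts)} for clients that queried both services within window."""
    last_seen, hits = {}, {}  # last_seen: (client, domain) -> most recent query time
    for ts, client, qname in sorted(filter(None, map(parse_line, lines))):
        dom = match_domain(qname)
        if dom is None:
            continue
        last_seen[(client, dom)] = ts
        other = LOOKUP_DOMAINS[1 - LOOKUP_DOMAINS.index(dom)]
        prev = last_seen.get((client, other))
        if prev is not None and ts - prev <= window:
            hits.setdefault(client, (prev, ts))  # keep the first pairing per client
    return hits

# Constructed sample DNS log (hypothetical format: timestamp client qname), not real telemetry.
SAMPLE_LOG = """\
2022-02-05T10:00:01 10.0.0.5 www.whatismyipaddress.com.
2022-02-05T10:00:03 10.0.0.5 api.ip2location.com
2022-02-05T10:05:00 10.0.0.7 whatismyipaddress.com
2022-02-05T11:30:00 10.0.0.7 ip2location.com
2022-02-05T10:06:00 10.0.0.9 notip2location.com
2022-02-05T10:06:01 10.0.0.9 whatismyipaddress.com.evil.example
garbage line
""".splitlines()

if __name__ == "__main__":
    for client, (a, b) in find_paired_lookups(SAMPLE_LOG).items():
        print(f"{client}: both lookup services queried between {a} and {b}")
```

A hit is a lead for triage rather than a verdict, since a user can visit both sites in a browser.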
When the victim visits the Tor website, they will be directed to their own page, which will have a bitcoin address for sending a ransom, a chat section, and the ability to decrypt five files for free.
This operation’s ransom demands are quite modest, with attacks seen by BleepingComputer requiring only a few hundred dollars in exchange for a key. Surprisingly, the resulting ransom demand on our test box was only 0.00009921 bitcoins, or $4.01.