Payload ransomware is a new Windows ransomware family that combines ChaCha20 stream encryption with per-file Curve25519 ECDH key exchange, making victim data effectively unrecoverable without the attackers’ private key. It also implements strong anti-forensics, including ETW patching, VSS deletion, event log wiping, and aggressive process/service termination to hinder detection and recovery. Payload first appeared publicly […]

The post Ransomware Uses ChaCha20 and Curve25519 to Encrypt Windows Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/ransomware-uses-chacha20-and-curve25519/