Payload Ransomware Uses ChaCha20 and Aggressive Anti-Forensics

Source: Socprime

Published:

Payload is a Windows ransomware family that encrypts files with ChaCha20 and uses a per-file Curve25519 ECDH exchange, then appends the .payload extension to impacted data. The malware drops a RECOVER_payload.txt ransom note, creates its own log file, and applies several anti-forensic measures, i
