Phorpiex Botnet Revives Ransomware and Sextortion Operations
Severity: High (Score: 64.5)
Sources: Gbhackers, Cybersecuritynews
Summary
The Phorpiex botnet, also known as Trik, is being leveraged by hackers to conduct extensive ransomware, sextortion, and crypto-clipping campaigns. This botnet, which has been operational since 2011, has evolved into a versatile criminal platform capable of targeting millions of victims. The recent emergence of a new variant called Twizt incorporates a hybrid architecture, combining traditional command-and-control with peer-to-peer protocols, enhancing its operational capabilities. Attack vectors include sending massive volumes of sextortion emails and deploying ransomware attacks. The botnet's infrastructure allows for efficient distribution of malicious payloads, affecting a wide range of systems. Current reports indicate that the botnet remains active and continues to adapt its methods to evade detection. The ongoing threat poses significant risks to individuals and organizations alike, as the scale of its operations is substantial.
Key Points
- Phorpiex botnet is actively used for ransomware and sextortion campaigns.
- The new Twizt variant enhances the botnet's capabilities with a hybrid architecture.
- Millions of victims are targeted through extensive email campaigns.
Key Entities
- Botnet (attack_type)
- Ransomware (attack_type)
- Phorpiex (malware)
- Trik (malware)
- Twizt (malware)
- T1071 - Application Layer Protocol (mitre_attack)