The Acronis Threat Research Unit has examined a new version of the Proton ransomware family called Zola. Like earlier variants, Zola checks for admin privileges and prompts users to run the executable file if the check fails. If not halted by a kill switch, it checks for a Persian keyboard layout, generates a unique victim ID, and deletes shadow copies to prevent recovery. The encryption scheme has switched from elliptic-curve cryptography (ECC) and Advanced Encryption Standard (AES) to the ChaCha20 scheme.

CISA Details New RESURGE Malware Used In Ivanti Attacks
The U.S. Cybersecurity and Information Security Agency (CISA) has detected a new malware variant termed RESURGE, which can modify files and manipulate integrity checks. The