The Acronis Threat Research Unit has examined a new version of the Proton ransomware family called Zola. Like earlier variants, Zola checks for admin privileges and prompts users to run the executable file if the check fails. If not halted by a kill switch, it checks for a Persian keyboard layout, generates a unique victim ID, and deletes shadow copies to prevent recovery. The encryption scheme has switched from elliptic-curve cryptography (ECC) and Advanced Encryption Standard (AES) to the ChaCha20 scheme.
Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper (ATS) Intelligence Insights
2024 saw the evolution of cyber threats, with attacks on widely-used technologies like VPNs, advanced phishing campaigns, and exploitations of cloud services for malware distribution.
