Hello, welcome to the Wednesday, August 23rd, 2003 edition of the Sansonet Stormontas Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Exxavier found some interesting, different malware using new or relatively new, at least for

Malver, a encryption algorithm called new at least for Malver,

a encryption algorithm called Furnay encryption.

Furnay encryption has been around for a while.

2016 is the last day the actual Python module was updated for it,

but Xavier has observed that in recent month there's a little uptick in the use of this algorithm in Malver. Big question, of course, why is Malver attracted to the algorithm? There is no sort of obvious

reason when it comes to usability. You actually, as Xavier shows, have to specifically install

the respective Python module for Windows Python.

The reason maybe in my opinion kind of that since it's a somewhat unusual algorithm,

it may evade some of the detection that you sometimes find in antimatter

that attempts to detect encryption, in particular if it's trying

to sort of disrupt ransomware. Not really clear if that's the reason, or maybe it's just

a simple to use algorithm. There's also no real good review that I could see for this particular

algorithm to kind of figure out if it's any good.

But for cases like this for Malware, it often isn't really all that important, how good it is

as far as the security of the encryption goes, but more, well, how difficult it is to detect

that files are being encrypted or decrypted.

It's a simple symmetric algorithm which also makes it really not that suitable for ransomware in a sense that, well, the keys delivered as part of the malicious binary.

So really more maybe to transmit some encrypted binaries and then decrypted on the victim to evade

...