A newly emerged ransomware variant named Doubleface is raising alarms within the cyber security community. Announced by its creators on underground forums, this ransomware is being touted as a highly sophisticated and undetectable threat, capable of bypassing the most advanced antivirus software.
The existence of Doubleface was first highlighted by a Dark Web Informer tweet, revealing that cybercriminals are promoting this ransomware as fully undetectable by major security solutions. This claim, if true, poses a significant challenge to organisations worldwide, potentially rendering current defences ineffective.
Advanced Encryption Mechanism
Doubleface’s developers claim that the ransomware utilises a unique encryption method combining the AES-128 and RSA-4096 algorithms. In this dual-layer approach a random AES key is generated for each file, and that per-file key is then encrypted with an RSA public key. Under such a design, recovering the files without the corresponding RSA private key is computationally infeasible, which significantly complicates recovery efforts.
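To make the per-file key wrapping concrete from the recovery side, here is an added example in Go using only the standard library; it is not code from Doubleface or the original post. RSA-OAEP with SHA-256 and AES-GCM are assumptions (the post names neither padding nor cipher mode), and the authenticated mode is the property an incident responder wants: a wrong RSA key or a wrong file key fails with an error instead of silently writing garbage, which is why any recovered key should be tried on copies before a decryptor touches originals.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
// Envelope holds one file's protected contents under the scheme described above.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP ciphertext of the 16-byte (AES-128) file key
	Nonce      []byte // 12-byte AES-GCM nonce, unique per file
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}
// NewKeyPair generates the RSA pair; only the private half can unwrap file keys.
func NewKeyPair(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }
// gcmFor builds an AES-GCM instance for a file key (assumed mode, see lead-in).
func gcmFor(fileKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fileKey)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Seal protects one file: fresh random AES-128 key, wrapped with the RSA public key.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	fileKey := make([]byte, 16) // AES-128 key, never reused across files
	if _, err := rand.Read(fileKey); err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil { return nil, err }
	gcm, err := gcmFor(fileKey)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Recover unwraps the file key with the RSA private key and decrypts. Both steps
// fail closed: a wrong key returns an error rather than corrupted plaintext.
func Recover(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil { return nil, fmt.Errorf("file key unwrap failed (wrong RSA key?): %w", err) }
	gcm, err := gcmFor(fileKey)
	if err != nil { return nil, err }
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil { return nil, fmt.Errorf("authentication failed, leave the original untouched: %w", err) }
	return pt, nil
}
```

Run Recover against a copy of each file and only replace the original once it returns without error; a decryptor that lacks this check is exactly what turns a wrong key into permanent data loss.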
Written in C/C++, Doubleface is said to be engineered for both efficiency and performance. In a bid to demonstrate their confidence, the creators have even released a video showcasing how the ransomware operates, offering a glimpse into its destructive capabilities.
Fully Undetectable Structure
Perhaps the most concerning aspect of Doubleface is its claim to be Fully Undetectable (FUD) by major antivirus programs, including Windows 10/11 Defender, Avast, Kaspersky, and AVG. If accurate, this ability to bypass detection mechanisms poses a severe threat, enabling the ransomware to infiltrate systems undetected.
Adding to the complexity, Doubleface is equipped with advanced features such as Anti-Virtual Machine, Anti-Debugging, and Anti-Sandbox functionalities. These features make it exceedingly difficult for cyber security experts to analyse and mitigate the threat, potentially allowing the ransomware to remain undetected for extended periods.
Pricing and Distribution
The creators of Doubleface have set the price at £400 per stub, with the fully undetectable source code available for £8,000. Importantly, they emphasise that no stub is required for decryption, but users must carefully manage each stub’s key. A critical warning is issued: any attempt to decrypt files with an incorrect key will result in the permanent destruction of the data.
The emergence of Doubleface underscores the evolving tactics of cybercriminals and highlights the urgent need for robust, adaptive security measures. As organisations prepare for potential attacks, the importance of proactive cyber security strategies has never been more critical.
This latest development is a stark reminder that cyber threats are continually evolving, and staying ahead requires constant vigilance and innovation.