PE32 Ransomware: A New Telegram-Based Threat on the Rise
April 22, 2025, 10:17 p.m.
Description
PE32 Ransomware is a new strain of malware that uses Telegram for command and control. Despite its amateur execution, it effectively encrypts files and causes significant damage. The ransomware features a two-tiered payment model, demanding one fee to unlock files and a second to prevent the leak of stolen data. It communicates entirely through the Telegram Bot API, with the bot token exposed in the code. PE32 is characterized by messy and loud behavior: it drops marker files, triggers disk repairs, and encrypts even useless files. While it lacks sophisticated evasion techniques, it poses a real threat because its encryption process is fast and security hygiene among potential victims is currently poor. The malware's reliance on basic Windows libraries and its chaotic codebase make it both easy to analyze and potentially dangerous.
Date
- Created: April 22, 2025, 3:57 p.m.
- Published: April 22, 2025, 3:57 p.m.
- Modified: April 22, 2025, 10:17 p.m.
Indicators
Attack Patterns
- PE32 Ransomware