A ransomware newcomer is starting to have an impact in the ANZ region, with the hackers recently listing Sydney-headquartered Prime Properties as a victim on its darknet leak site.
The M3rx group listed the property investment firm on April 29 and is claiming to have successfully infiltrated 100 gigabytes of company data, totalling at least 81,000 files.
Beyond those scant details, M3rx has not shared its ransom demand, nor the deadline for payment. It has not posted any evidence of the hack, either.
Prime Properties has not responded to Cyber Daily’s request for comment.
Who is M3rx?
M3rx is one of several new ransomware groups to spin up in recent months, and has claimed just eight victims since it was first observed this week.
The location of its victims is typically diverse, with organisations from England, the United States, Australia, Germany, Italy, and Switzerland.
While little else is known about the group at this time, researchers at IBM X-Force Exchange have gathered a small amount of intelligence on their actual ransomware variant.
“The ransomware uses a PE32+ x64 Go sample, which includes an embedded config, writes a ransom note named RECOVERY_NOTES.TXT, renames encrypted files with a .8hmlsewu extension, and deletes itself through PowerShell after execution. M3rx employs X25519 key exchange, AES-CTR for file content, and AES-GCM to wrap each per-file AES key, with a fixed 0x400-byte footer,” IBM’s security people said.
“The encryptor's file format is recognisable, and the public trail is still developing. The ransom note claims files were stolen and encrypted, demanding Bitcoin after negotiation and threatening publication. The sample shows file-impact behaviors such as encryption, note dropping, Recycle Bin clearing, and self-delete behavior. Detection artifacts include specific SHA256 and MD5 hashes, embedded config details, and unique strings.”
Who is Prime Property?
Prime Properties operates out of the Sydney suburb of Kensington and provides a range of property investment, building management and management consultancy services. Of its consultancy business, Prime says:
“Prime Properties (NSW) P/L provides management consultancy services to a select group of commercial businesses, including the creation of documented procedural systems for small and medium-sized enterprises. Our management consultancy services are specifically tailored for individual businesses.”
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.