ROADSWEEP is a ransomware tool, which upon execution will enumerate files on the device and encrypts the content in blocks using RC4. Window API names, malware configuration parameters, and the basis of a ransomware note are RC4 encrypted within ROADSWEEP. During execution, ROADSWEEP will decrypt these encrypted strings and dynamically resolve necessary imports. ROADSWEEP was reportedly used in the July 2022 attack on Albanian government systems.

Incidents Caused by this Malware

Threat Actors Known to use this Malware

No threat actors identified