Seqrite battles ransomware, Cryptomining

The multipurpose ransom-miner was detected by experts when they observed a series of evolved malware blocked.

Update: 2018-07-27 12:02 GMT
In the first quarter of 2019, theft of digital currencies from exchanges and scams totalled USD 356 million.

In a breakthrough which highlights how rapidly the threat landscape is evolving, an enterprise security solutions provider, Seqrite has broken the existence of a highly-sophisticated Trojan dropper targeting businesses which delivers both ransomware and crypto mining payloads. The multipurpose ransom-miner was detected by experts when they observed a series of evolved malware blocked by the brand’s state-of-the-art security solutions at the customers’ end.

The ransom-miner delivers GandCrab ransomware and Monero Cryptominer malware onto compromised systems, amongst other infected files and scripts. It also tries to perform various malicious activities by connecting to one or more Command and Control (CnC) servers. Researchers consider the latest threat to be part of a sustained campaign targeting end-users with multipurpose attacks comprising multiple malware.

What’s interesting about the latest threat is the level of sophistication that it exhibits. Launched through a PE32 executable file for Microsoft Windows, the ransom-miner is encrypted and contains high-entropy data. Once the infected file is downloaded, the malware decrypts some of the code and one compressed PE file. The control passes on to the decrypted code post-decryption, which decompresses the PE file in memory and overwrites the parent process memory. This decompressed file is the main malware file and performs further activity once executed.

Moreover, the malware compares 16 process names to identify the presence of VMware, VirtualBox, and related components. It also checks for the Sandbox by verifying the presence of “sbiedll.dll”. If it identifies the existence of a virtual environment, the malware stops its activity by calling for the ‘ExitProcess’ function and stops its current running processes.

Therefore, enterprises are advised to adopt a multi-layered approach by deploying robust security solutions that protect all endpoints, networks and systems from advanced cyber-threats. It is also recommended to conduct regular security assessments of the organization’s IT infrastructure, implement regular updates and patches and educate employees on the importance of cybersecurity.

Tags:    

Similar News