A new variant of the Ryuk Ransomware was discovered yesterday by MalwareHunterTeam, who saw that it was signed by a digital certificate. After this sample was examined by researcher Vitali Kremez, it was discovered that a few changes were made to this variant that were not seen in previous samples.

Kremez found that with this new variant, the ransomware will check the output of arp -a for particular IP address strings, and if they are found, will not encrypt the computer. 
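The check described above is simple to reproduce on the analyst side, which is useful for understanding what such a sample keys on. The following Python is an added example written for this page; it is not code from the article, from the researchers named, or from the Ryuk sample. The `arp -a` output, the watchlist strings and the function names are all constructed for illustration. It parses Windows-style `arp -a` output into entries and then applies the raw substring test the article describes, which also shows a caveat of that approach: a watchlist entry such as `192.168.1.7` matches a host at `192.168.1.77`, so a loose string match can fire on addresses the author of the list never intended.

```python
import re

# Constructed sample of Windows `arp -a` output (not taken from the article or the sample).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.77          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One ARP table row: IPv4 address, dash-separated MAC, entry type.
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+"
    r"(\w+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_arp_table(text):
    """Return (ip, mac, type) tuples for every table row in `arp -a` output.

    Interface headers and column headers do not match ENTRY_RE and are skipped.
    """
    return [(ip, mac.lower(), kind.lower()) for ip, mac, kind in ENTRY_RE.findall(text)]


def matching_strings(text, watchlist):
    """Watchlist entries found as plain substrings of the raw output.

    This mirrors the loose check the article describes: no parsing, no exact
    address comparison, so a prefix like "192.168.1.7" also hits "192.168.1.77".
    """
    return sorted(s for s in watchlist if s in text)


def would_skip_encryption(text, watchlist):
    """True if any watchlist string appears in the output (the 'do not encrypt' branch)."""
    return bool(matching_strings(text, watchlist))


if __name__ == "__main__":
    # Hypothetical watchlist; the real strings are not given in the article.
    watchlist = {"192.168.1.7", "10.0.0."}
    for entry in parse_arp_table(SAMPLE_ARP_OUTPUT):
        print("entry:", entry)
    print("matches:", matching_strings(SAMPLE_ARP_OUTPUT, watchlist))
    print("skip encryption:", would_skip_encryption(SAMPLE_ARP_OUTPUT, watchlist))
```

Running the block on the constructed table prints the four parsed rows, reports `192.168.1.7` as a match because of the `192.168.1.77` host, and therefore reports that the skip branch would be taken. For hunting purposes the parsed entries are the more useful output: comparing them against an exact set of addresses avoids the prefix ambiguity the substring test has.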


Expert Comment:

Roy Rashti, Cybersecurity Expert at BitDam: 

“This new variant allows the attacker to remove computers from their target bank. This means that they can selectively avoid those computers they don’t want to infect.

Certain hackers will strongly identify themselves with a particular group, whom they might not want to infect for ideological reasons. It’s also possible that hackers are afraid of being pursued or arrested by certain governments and want to avoid antagonising them or alerting them to their activities. In these circumstances, this new variant can be a very useful tool.  

Organisations need to take several necessary precautions to defend against this iteration. Firstly, they need to deploy an effective solution that prevents the transmission of malicious attachments to user inboxes; the most travelled by attackers attempting to deliver . Next, they must apply the necessary settings to endpoints to prevent them from being infected via one of the recent RDPs or old SMB exploits. Finally, organisations need to keep all security patches updated.” 


