New Variants of Ransomware Avoiding Detection by Most Anti-virus Engines
New hybrid ransomware strains are undetectable by all but one anti-virus engine. This is very disturbing news and I want to shout out to KnowBe4.com for breaking this news and sharing it with the community. I will include their notes below and a link to the blog:
IBM at their Security Intelligence blog reported something troubling. Researchers discovered a new strain of Dharma ransomware that is able to evade detection by nearly all of the antivirus solutions on the market.
In October and November 2018, researchers with Heimdal Security uncovered four strains of Dharma, one of the oldest ransomware families in existence. One of the strains slid past a total of 53 antivirus engines listed on VirusTotal and 14 engines used by the Jotti malware scan. Just one of the security scanners included in each of those utilities picked up on the strain’s malicious behavior.
In its analysis of the hybrid strain, Heimdal observed a malicious executable dropped through a .NET file and another associated HTML Application (HTA) file that, when unpacked, directed victims to pay a ransom amount in bitcoin.
How Persistent Is the Threat of Ransomware?
The emergence of the new Dharma strain highlights ransomware’s ongoing relevance as a cyberthreat. Europol declared that it remains the key malware threat in both law enforcement and industry reporting. The agency attributed its conclusion to financially motivated malware attacks increasingly using ransomware over banking Trojans, a trend that it anticipates will continue for years to come. Europol identified this tendency despite a surge in activity from other threats like cryptominers.
Here are some suggestions to defend against these new hybrid ransomware strains:
https://blog.knowbe4.com/new-ransomware-strain-evades-detection-by-all-but-one-antivirus-engine