New Attack TTP - Virtual Machines used for Ransomware


By MYBRANDBOOK


New Attack TTP - Virtual Machines used for Ransomware

A new ransomware attack method takes defense evasion to a new level-deploying as a full virtual machine on each targeted device to hide the ransomware from view. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine. This is the first time Sophos has seen this kind of TTP used for a ransomware attack, according to Mark Loman, director of engineering, Threat Mitigation at Sophos. says, Mark Loman, director of engineering, Threat Mitigation at Sophos who further explains the attack.

 

SophosLabs Uncut has posted, “Ragnar Locker ransomware deploys virtual machine to dodge security,” a blog article that details a new Ragnar Locker TTP discovery, including a recent shift to deploy a well-known trusted hypervisor to hundreds of endpoints at the same time. This is the first time Sophos has seen this kind of TTP used for a ransomware attack, according to Mark Loman, director of engineering, Threat Mitigation at Sophos.

 

This shows on how the attackers have advanced their methods and attempts to evade detection. the research further says,

 

“In the last few months, we’ve seen ransomware evolve in several ways. But, the Ragnar Locker adversaries are taking ransomware to a new level and thinking outside of the box. They are deploying a well-known trusted hypervisor to hundreds of endpoints simultaneously, together with a pre-installed and pre-configured virtual disk image guaranteed to run their ransomware. Like a ghost able to interact with the material world, their virtual machine is tailored per endpoint, so it can encrypt the local disks and mapped network drives on the physical machine, from within the virtual plane and out of the detection realm of most endpoint protection products. The overhead involved to covertly run their 50 kilobyte ransomware seems like a bold, noisy move, but could pay-off in some networks that are not properly protected against ransomware,” said Mark Loman, director of engineering, Threat Mitigation at Sophos. “This is the first time we have seen virtual machines used for ransomware.”

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org