Dangerous form of ransomware has just evolved to be harder to spot


  1. Borg 386
    Posts : 39,998
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       New #1

    Dangerous form of ransomware has just evolved to be harder to spot


    One of the most dangerous forms of ransomware has just evolved to be harder to spot

    Malicious loaders delivered by self-extracting Dropbox files enable payloads to bypass detection.
    Identified by Trend Micro, the new Cerber variant is, like most ransomware, delivered by a malicious phishing email. But rather than encouraging the victim to click on a link to download a file, these emails contain a link to Dropbox which downloads and self-extracts the Cerber payload.

    However, in order to evade detection and monitoring by cybersecurity researchers, this version of Cerber will check to see if it's running on a virtual machine, sandbox, or if certain products are running on the machine -- and if it spots any of these, it'll stop running. Why? Because it's in the best interests of the criminals behind it that their code doesn't get analysed.

    It's because of this that the actors behind Cerber have gone to the trouble of repackaging the delivery method and loader in order to get around cybersecurity products which can detect malicious files based on features instead of signatures.

    But by deploying a self-extracting mechanism, it's possible for the file to not look malicious, even to machine learning tools.
    One of the most dangerous forms of ransomware has just evolved to be harder to spot | ZDNet
      My Computer
    Quote Quote

  3. TairikuOkami
    Posts : 5,453
    Windows 11 Home
       New #2

    When the victim opens the attached Word document, the malicious macro writes a small piece of VBScript into memory and executes it. This VBScript executes PowerShell to connect to an attacker-controlled server and download the ransomware
    Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection Threat Research Blog

    And all it takes to prevent it and majority of malware is this (most users do not need WSH).
    Getting rid of powershell helps enormously too, but some users might find it bothersome.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    The reason, AV companies do not post details, so people would not know, how easy it is to avoid, without AV.
      My Computer
    Quote Quote

  4. jimbo45
    Posts : 11,247
    Windows / Linux : Arch Linux
       New #3

    Hi there

    If a computer has this sort of problem -- DO NOT EVEN THINK about "repairing it in situ" - CLEAN RESTORE is the only 100% OK solution. Also registry hacks are a waste of time --if some of this evil Ransomware is as sophisticated as it seems to be it will easily get round those "protections".

    1) Always have a CLEAN backup of your OS - No excuse not to - Free Macrium works very well indeed and can be booted off a USB.

    2) Backup OS regularly - preferably nightly and keep say 3 copies OFFLINE of course

    3) Keep OS+applications SEPARATE from your DATA (e,g photos, music, videos, office documents etc)

    4) backup important data every so often

    5) If Ransomware rears its ugly head -- SWITCH OFF COMPUTER IMMEDIATELY -- Do not use shutdown etc --simply Hard power off.

    6) (optional) re-format OS partition (including system reserved one) HDD with a bootable program such as windows recovery Disc --

    7) Boot stand alone Macrium and restore clean copy of OS.

    8) verify your data files

    Then have a nice stiff drink and make the appropriate - I believe is it the "2 fingered salute" to those scumbags who think they are clever dishing out Ransomware. Your computer is now as good as new again !!!!

    Note -- to those who know Linux an excellent GUI for copying / comparing / verifying files etc is GRSYNC.
    I use this one almost exclusively for backing up DATA but that's another issue.

    Further note to anybody reading this thread -- I've posted (as others) almost AD NAUSEAM the importance of BACKUPS -- it hardly takes long these days to back up the OS and external HDD's are mega cheap too.

    THERE IS SIMPLY NO EXCUSE FOR NOT TAKING BACKUPS


    - and if people did take backups then 99% of the problems encountered in this section of the Forum would be avoided.

    Cheers
    jimbo
      My Computer
    Quote Quote

 

  Related Discussions
Very slow iphone hot spot speeds.
in Network and Sharing

Ok I realize this forum isn't for iphones and such . But im having a very odd problem , my hotspot speeds on my pc are very slow most I get is 2.5 mbps . Whats bizarre if I do a speed test with the hotspot enabled on the pc I get 47 mbps down and 4...
I am having issues with my laptop connecting to the internet via my new phone (Xperial L1). Previously I had an HTC and that worked fine, it is/was old running android 4.0.3. However I have replaced this with the xperia on a new network and now I...
Antivirus evolved
in Windows 10 News

Source: Antivirus evolved Windows Security
Does anyone else feel that the "new" (old?) two-dimensional feel of Windows 10 makes it a bit harder to interpret where one window ends and another begins when there are multiple windows/dialogues stacked on top of each other?
Google's look evolved
in Windows 10 News

... sportin a new look! ... and favicon! 35223 Source
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 05:52.
Find Us




Windows 10 Forums