
Seqrite detects ransomware plus cryptomining payloads

By Digital Edge Bureau, 24.07.2018, 18:18

Sanjay Katkar, Joint Managing Director & Chief Technology Officer, Quick Heal Technologies

In a breakthrough of sorts that highlights how rapidly the threat landscape is evolving, leading enterprise security solutions provider Seqrite has uncovered a highly sophisticated Trojan dropper targeting businesses, which delivers both ransomware and cryptomining payloads. The multipurpose ransom-miner was detected by Seqrite experts when they observed a series of evolved malware being blocked by the brand’s state-of-the-art security solutions at the customers’ end.

“We’ve raised multiple alerts about the growing number of cryptojacking attacks, and have been talking about a possible evolution of the threat which can deliver both cryptomining and ransomware payloads. The discovery of this new Trojan dropper further underlines the need for greater security awareness and more robust security solutions. With our state-of-the-art malware detection and security mechanisms, we have blocked these threats from compromising the security profile of our enterprise customers. We will continue to study the malware and its various strains in order to devise more robust security strategies to continue protecting Seqrite customers against this new threat.”

The ransom-miner delivers GandCrab ransomware and Monero cryptominer malware onto compromised systems, along with other infected files and scripts. It also tries to perform various malicious activities by connecting to one or more command and control (CnC) servers. Researchers at Seqrite consider the latest threat to be part of a sustained campaign targeting end-users with multipurpose attacks that combine multiple pieces of malware.

What’s interesting about the latest threat identified by Seqrite is the level of sophistication that it exhibits. Launched through a PE32 executable file for Microsoft Windows, the ransom-miner is encrypted and contains high-entropy data. Once the infected file is downloaded, the malware decrypts some of its code along with one compressed PE file. Control then passes to the decrypted code, which decompresses the PE file in memory and overwrites the parent process memory. This decompressed file is the main malware file and performs further activity once executed.

Seqrite advises enterprises to adopt a multi-layered approach by deploying robust security solutions that protect all endpoints, networks and systems from advanced cyber-threats. It is also recommended to conduct regular security assessments of the organization’s IT infrastructure, implement regular updates and patches and educate employees on the importance of cybersecurity.

