
Seqrite detects ransomware plus cryptomining payloads

By Digital Edge Bureau, 24.07.2018, 18:18

Sanjay Katkar, Joint Managing Director & Chief Technology Officer, Quick Heal Technologies

In something of a breakthrough, one which highlights how rapidly the threat landscape is evolving, leading enterprise security solutions provider Seqrite has uncovered a highly sophisticated Trojan dropper targeting businesses that delivers both ransomware and cryptomining payloads. The multipurpose ransom-miner was detected by Seqrite experts when they observed a series of evolved malware samples blocked by the brand’s security solutions at customers’ endpoints.

“We’ve raised multiple alerts about the growing number of cryptojacking attacks, and have been talking about a possible evolution of the threat which can deliver both cryptomining and ransomware payloads. The discovery of this new Trojan dropper further underlines the need for greater security awareness and more robust security solutions. With our state-of-the-art malware detection and security mechanisms, we have blocked these threats from compromising the security profile of our enterprise customers. We will continue to study the malware and its various strains in order to devise more robust security strategies to continue protecting Seqrite customers against this new threat.”

The ransom-miner drops GandCrab ransomware and a Monero cryptominer onto compromised systems, alongside other malicious files and scripts. It also attempts further malicious activity by connecting to one or more command and control (CnC) servers. Researchers at Seqrite consider the latest threat to be part of a sustained campaign targeting end-users with multipurpose attacks that bundle several malware families.

What’s interesting about the latest threat identified by Seqrite is the level of sophistication it exhibits. Delivered as a PE32 executable for Microsoft Windows, the ransom-miner is encrypted and contains high-entropy data. Once the infected file is executed, the malware decrypts a portion of its code together with one compressed PE file. After decryption, control passes to the decrypted code, which decompresses the PE file in memory and overwrites the parent process’s memory with it. This decompressed file is the main malware component and carries out the remaining activity once it runs.
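The high-entropy data mentioned above is something a defender can check statically before the sample ever runs. The script below is an added illustration, not Seqrite’s code or analysis: it walks a PE file’s section table with a minimal parser and flags sections whose Shannon entropy suggests compressed or encrypted content. The sample PE image is constructed inline (it is not a real executable), and the 7.0 bits-per-byte threshold is an assumption, not a figure from the article.

```python
import hashlib
import math
import struct
from collections import Counter

HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data usually sits above this (assumed threshold)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) per section; minimal parser that walks only the COFF header and section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    sec_tbl = pe_off + 24 + opt_size  # section table follows the optional header
    for i in range(num_sections):
        off = sec_tbl + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, image[raw_ptr:raw_ptr + raw_size]

def high_entropy_sections(image: bytes, threshold: float = HIGH_ENTROPY):
    """Return [(section_name, entropy)] for sections whose entropy exceeds the threshold."""
    flagged = []
    for name, data in pe_sections(image):
        h = shannon_entropy(data)
        if h > threshold:
            flagged.append((name, round(h, 2)))
    return flagged

def build_sample_pe() -> bytes:
    """Constructed sample, not a real executable: plain .text plus a .data section of pseudo-random bytes standing in for an encrypted payload."""
    text = b"\x90" * 64 + b"hello world, this is plain code" * 8
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))  # 1024 deterministic high-entropy bytes
    data_start = 0x40 + 4 + 20 + 2 * 40  # DOS header + PE signature + COFF header + two section headers
    image = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)  # i386, 2 sections, no optional header
    for name, payload, ptr in ((b".text", text, data_start), (b".data", blob, data_start + len(text))):
        image += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(payload), 0x1000, len(payload), ptr, 0, 0, 0, 0, 0)
    image += text + blob
    return bytes(image)
```

On a real sample, pass the file’s bytes to `high_entropy_sections`; a flagged section is a hint to unpack in a sandbox or memory-dump the process rather than trust static signatures alone.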

Seqrite advises enterprises to adopt a multi-layered approach by deploying robust security solutions that protect all endpoints, networks and systems from advanced cyber-threats. It also recommends conducting regular security assessments of the organization’s IT infrastructure, applying updates and patches promptly, and educating employees on the importance of cybersecurity.
