Seqrite detects ransomware plus cryptomining payloads

By Digital Edge Bureau, 24.07.2018, 18:18

Sanjay Katkar, Joint Managing Director & Chief Technology Officer, Quick Heal Technologies

In something of a breakthrough, one that highlights how rapidly the threat landscape is evolving, leading enterprise security solutions provider Seqrite has uncovered a highly sophisticated Trojan dropper targeting businesses that delivers both ransomware and cryptomining payloads. The multipurpose ransom-miner was detected by Seqrite experts when they observed a series of evolved malware samples blocked by the brand’s security solutions at customers’ endpoints.

“We’ve raised multiple alerts about the growing number of cryptojacking attacks, and have been talking about a possible evolution of the threat which can deliver both cryptomining and ransomware payloads. The discovery of this new Trojan dropper further underlines the need for greater security awareness and more robust security solutions. With our state-of-the-art malware detection and security mechanisms, we have blocked these threats from compromising the security profile of our enterprise customers. We will continue to study the malware and its various strains in order to devise more robust security strategies to continue protecting Seqrite customers against this new threat”.

The ransom-miner delivers GandCrab ransomware and Monero Cryptominer malware onto compromised systems, amongst other infected files and scripts. It also tries to perform various malicious activities by connecting to one or more command and control (CnC) servers. Researchers at Seqrite consider the latest threat to be part of a sustained campaign targeting end-users with multipurpose attacks comprising multiple malware.

What’s interesting about the latest threat identified by Seqrite is the level of sophistication it exhibits. Launched through a PE32 executable file for Microsoft Windows, the ransom-miner is encrypted and contains high-entropy data. Once the infected file is downloaded, the malware decrypts part of its code together with one compressed PE file. After decryption, control passes to the decrypted code, which decompresses the PE file in memory and overwrites the parent process memory with it. This decompressed file is the main malware file and performs further activity once executed.
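The dropper’s encrypted, high-entropy body is the property a defender can check for during triage. The script below is an added illustration, not part of the original article or of Seqrite’s tooling: it slides a window over a sample, flags regions whose Shannon entropy approaches 8 bits per byte, and reports how much of the file they cover. The window size (512 bytes), threshold (7.2) and coverage cut-off (25%) are assumed heuristics, and the sample is constructed inline.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(buf: bytes, window: int = 512, threshold: float = 7.2):
    """Scan buf in fixed windows; return merged (start, end, peak_entropy) spans above threshold.
    Encrypted or compressed payloads sit near 8.0; plain code and text usually stay well below."""
    regions = []
    for off in range(0, len(buf), window):
        chunk = buf[off:off + window]
        e = shannon_entropy(chunk)
        if e < threshold:
            continue
        if regions and regions[-1][1] == off:      # contiguous with the previous span: extend it
            start, _, peak = regions[-1]
            regions[-1] = (start, off + len(chunk), max(peak, e))
        else:
            regions.append((off, off + len(chunk), e))
    return regions

def triage(buf: bytes, window: int = 512, threshold: float = 7.2) -> dict:
    """Summarise a sample: overall entropy, flagged spans and the share of bytes they cover."""
    regions = high_entropy_regions(buf, window, threshold)
    covered = sum(end - start for start, end, _ in regions)
    fraction = covered / len(buf) if buf else 0.0
    return {
        "entropy": round(shannon_entropy(buf), 2),
        "regions": regions,
        "high_entropy_fraction": fraction,
        "suspect_packed": fraction >= 0.25,   # assumed cut-off for "likely packed/encrypted"
    }

# Constructed sample (not a real file): 4 KiB of low-entropy stub text followed by
# 4 KiB of seeded pseudo-random bytes standing in for an encrypted, compressed PE.
STUB = (b"This program cannot be run in DOS mode.\r\n" * 128)[:4096]
_rng = random.Random(1)
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE = STUB + PAYLOAD

if __name__ == "__main__":
    report = triage(SAMPLE)
    for start, end, peak in report["regions"]:
        print(f"high-entropy span 0x{start:x}-0x{end:x} (peak {peak:.2f} bits/byte)")
    print("suspect packed/encrypted:", report["suspect_packed"])
```

Legitimate installers and signed binaries with compressed resources also score high, so treat the result as a triage signal to be combined with other indicators rather than a verdict on its own.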

Seqrite advises enterprises to adopt a multi-layered approach by deploying robust security solutions that protect all endpoints, networks and systems from advanced cyber-threats. It is also recommended to conduct regular security assessments of the organization’s IT infrastructure, implement regular updates and patches and educate employees on the importance of cybersecurity.
