Microsoft’s alert on Devastating Ransomware

Information on Microsoft Ransomware

Microsoft’s team recently warned the public about a “significant and growing” threat in which attackers deliver malicious payloads to Microsoft users.

A new ransomware from a strain of NetWalker has been discovered, with which the attacker can easily inject malicious code into a user’s machine running Windows 10. The attack normally uses the explorer executable process within Windows 10, which is already considered dangerous enough to the victim’s machine.

Guys! There is still good news for Microsoft users affected by these malicious payloads: the attacks and the fallout are still preventable.

Researchers with Microsoft’s Threat Protection Intelligence Team have said the following:

These attacks are known to take advantage of network configuration weaknesses and vulnerable services to deploy devastating ransomware payloads, and while ransomware is the very visible action taken in these attacks, human operators also deliver other malicious payloads, steal credentials, and access and exfiltrate data from compromised networks.

Next-gen Ransomware Types

There are three next-gen ransomware types to be aware of in the year 2020: Ryuk, DoppelPaymer, and Parinacota.

Ryuk Ransomware

This ransomware type can be considered more lucrative than its predecessor malware. Ryuk ransomware targets large organizations and government agencies, which end up paying a huge amount to the attacker. As a result, the attacker focuses on organisations that produce a high ROI.

Source: Ryuk

DoppelPaymer Ransomware

DoppelPaymer ransomware is the newest ransomware, in which the attacker threatens to sell the victim’s details on the internet. The victim needs to pay the ransom demanded by the attacker; if not, the attacker will publish the stolen files taken from the victim’s machine.

This new strategy takes advantage of network-wide encryption after stealing all of the victim’s files.

Parinacota Ransomware

Parinacota ransomware impacts at least four organizations every week that the attacker finds useful. The main purpose of this type of ransomware may have shifted over time and is also influenced by the target’s infrastructure.

Recommendation for security improvement

Microsoft users need not fear as long as they apply basic good security practices.

Microsoft has stated the following:

The top recommendations for mitigating ransomware and other human-operated campaigns are to practice credential hygiene and stop unnecessary communication between endpoints.

Microsoft’s website lists mitigation tactics that Microsoft users can apply and that will hopefully help them. Besides that, the IT team will need to consult with the security team on security matters. There might be misconfigurations and settings that the attacker will be interested in looking into.

As stated by researchers with Microsoft’s Threat Protection Intelligence Team:

Human-operated attacks will continue to take advantage of security weaknesses to deploy destructive attacks until defenders consistently and aggressively apply security best practices to their networks.

Source: Microsoft Warns Of ‘Devastating’ Cybersecurity Threat To Windows Users: Here’s What You Need To Know and Human-operated ransomware attacks: A preventable disaster

Author: Wan Ariff

He brings working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion leans more toward IT Security.
