
Microsoft warns of PonyFinal ransomware attacks

Graham CLULEY

May 28, 2020


Malware experts at Microsoft have warned businesses to be on their guard against hackers plotting to plant the PonyFinal ransomware on compromised IT systems.

Attacks incorporating the Java-based PonyFinal ransomware have been seen in the wild since the beginning of April, with reports coming in from India, Iran, and the United States.

What makes the PonyFinal ransomware particularly effective is that the hackers behind attacks spend time researching their intended victims and creating a plan for how best to maximise the ransom they might be able to extract.

In a series of tweets, Microsoft’s security intelligence team stressed that it’s more important for organisations to focus on the way in which the attack is delivered than on the malicious payload itself.

And there’s definitely some truth in that. Much of the media attention on ransomware attacks focuses on companies being locked out of their encrypted data, and the dilemma as to whether they should pay the ransom or not.

What is perhaps more useful to IT security teams is to place more emphasis upon how an attack begins in the first place, and what methods are being used by a hacking gang to plant ransomware on the company’s computer systems.

After all, if an attack can be made to stumble at the first hurdle, your company hopefully won’t ever have to deal with the nightmare scenario of working out how to recover its encrypted data.

According to the researchers, hackers have gained access to potential victims by brute-forcing their way into company servers, compromising internet-facing web systems and obtaining privileged credentials.

Common vectors for initial infection can include brute force of RDP, vulnerable internet-facing systems, and weak application settings.
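As an added example that is not part of Cluley’s post or Microsoft’s advisory: a small Python detector for the RDP brute-force vector mentioned above, run over constructed failed-logon records modelled on Windows Security Event 4625 (logon type 10 is RemoteInteractive, i.e. RDP). The record layout, the sample addresses and accounts, and the five-failures-in-five-minutes threshold are all assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security Event 4625 (failed logon);
# fields: timestamp, event id, logon type, account name, source IP. Not real logs.
SAMPLE_EVENTS = """\
2020-04-02T01:00:05 4625 10 administrator 198.51.100.23
2020-04-02T01:00:07 4625 10 admin 198.51.100.23
2020-04-02T01:00:09 4625 10 backup 198.51.100.23
2020-04-02T01:00:12 4625 10 svc_sql 198.51.100.23
2020-04-02T01:00:14 4625 10 administrator 198.51.100.23
2020-04-02T01:00:16 4625 10 jsmith 198.51.100.23
2020-04-02T09:15:00 4625 10 jsmith 203.0.113.8
2020-04-02T09:15:40 4625 10 jsmith 203.0.113.8
2020-04-02T09:16:10 4625 2 jsmith 203.0.113.8
2020-04-03T01:00:05 4625 10 administrator 198.51.100.23
"""

def parse_events(text):
    """Parse one record per line into (timestamp, logon_type, account, source_ip)."""
    events = []
    for line in text.splitlines():
        ts, event_id, logon_type, account, src = line.split()
        if event_id == "4625":
            events.append((datetime.fromisoformat(ts), int(logon_type), account, src))
    return events

def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: distinct accounts tried} for every source with at least
    `threshold` failed RDP logons (logon type 10) inside any span of length `window`."""
    by_src = defaultdict(list)
    for ts, logon_type, account, src in events:
        if logon_type == 10:  # RemoteInteractive: only RDP failures count
            by_src[src].append((ts, account))
    flagged = {}
    for src, attempts in by_src.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until attempts[start:end+1] spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({a for _, a in attempts[start:end + 1]})
                break
    return flagged

if __name__ == "__main__":
    for src, accounts in rdp_bruteforce_sources(parse_events(SAMPLE_EVENTS)).items():
        print(f"possible RDP brute force from {src}: accounts tried {accounts}")
```

Only the first source trips the rule: six RDP failures against five different accounts within a minute, while the second source’s two RDP failures (its third failure is a local logon, type 2) stay below the threshold.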

In some instances, the attackers have deployed the Java Runtime Environment (JRE), which PonyFinal needs in order to run. However, stealthier attacks have also been seen in which the attackers took advantage of a JRE installation that was already present on the endpoint, avoiding the need to install anything new.

Phillip Misner, security program manager at Microsoft, told Dark Reading that the criminals behind the PonyFinal attacks were moulding their attacks for specific targets.

“Like all of these human-operated ransomware campaigns, this is a cut above your normal criminal organization. These are attackers with the ability to choose multiple payloads and who spend their time doing research to see how they can extract the most money from the compromises they do.”

Don’t become the next victim. Take steps inside your company to reduce the chances of a ransomware attack succeeding.
