Seqrite Unearths Sophisticated & Perilous Ransom-Miner Targeting Businesses That Deliver Ransomware & Cryptomining Payloads

In the present IT landscape, brimful of threats that deliver ransomware and cryptomining payloads, the experts at Seqrite, the enterprise security solutions brand of Quick Heal Technologies Ltd, have identified a Trojan dropper, a multipurpose ransom-miner, among a series of malware samples blocked at customers' endpoints on July 23, 2018. This ransom-miner is the root cause of the infection of systems with GandCrab ransomware and a Monero cryptominer, and it also carries out further malicious activity by connecting to one or more Command and Control (CnC) servers, thereby targeting end-users with multipurpose attacks that bundle several malware families.

The multipurpose ransom-miner arrives as a PE32 executable whose payload is encrypted and consists of high-entropy data. When the end-user runs the downloaded file, the malware decrypts part of its code together with one compressed PE file. The decrypted code then decompresses that PE file in memory and overwrites the parent process memory with it.


The subsequent activities in this cyber-threat are performed by this decompressed PE file, which becomes the main malware file. During this stage, the malware also compares 16 process names to recognize VMware, VirtualBox, Sandboxie (via ‘sbiedll.dll’) and other analysis components; when any of them is identified, it terminates its current process by calling the ‘ExitProcess’ function.

Alarmed by the level of sophistication demonstrated by this ransom-miner, Seqrite encourages enterprises to deploy a multi-layered approach built on robust security solutions that safeguard all endpoints, networks and systems against ever-evolving cyber-threats. Organizations should also conduct regular security assessments of their IT infrastructure, apply updates and patches promptly, and raise employees' awareness of the importance of cybersecurity. “The surge in the number of cryptojacking attacks, threats claiming for cryptomining and ransomware payloads and the unveiling of this new Trojan dropper stresses the need for greater security awareness and robust security solutions,” says Sanjay Katkar, JMD & CTO, Quick Heal Technologies. “Equipped with state-of-the-art malware detection and security mechanisms, we have accomplished the task of blocking these threats across the systems of our enterprise customers and also endeavour to devise more robust security strategies in tune with evolving malware and its various strains,” adds Sanjay.

Combining threat intelligence, application analysis and the latest technology, Seqrite (Estd. 2015) pledges to provide seamless and better protection for enterprise customers through solutions synonymous with innovation and simplicity. Its portfolio entails Endpoint Security, MDM, UTM and data protection technologies such as Encryption and DLP, while its services include comprehensive cybersecurity consulting for corporates, PSUs, Government and Law Enforcement Agencies. Seqrite was born from Quick Heal Technologies (Estd. 1995), one of the pioneering providers of IT security software products and solutions in India, which presently holds a network of over 22,000 channel partners.