Monday February 24, 2020

New Encryption Ransomware that Exploits Windows Vulnerability Identified

The vulnerability CVE-2018-8453 that the ransomware uses was earlier found to be exploited by the FruityArmor hacking group

Researchers at cybersecurity firm Kaspersky have uncovered new encryption ransomware named Sodin which exploits a recently discovered Windows vulnerability to get elevated privileges in an infected system. The ransomware takes advantage of the architecture of the central processing unit (CPU) to avoid detection – functionality that is not often seen in ransomware.

“Ransomware is a very popular type of malware, yet it’s not often that we see such an elaborate and sophisticated version: using the CPU architecture to fly under the radar is not a common practice for encryptors,” said Fedor Sinitsyn, a security researcher at Kaspersky.

“We expect a rise in the number of attacks involving the Sodin encryptor, since the amount of resources that are required to build such malware is significant. Those who invested in the malware’s development definitely expect it to pay off handsomely,” Sinitsyn added.

The researchers found that most targets of Sodin ransomware were in the Asian region: 17.6 per cent of attacks have been detected in Taiwan, 9.8 per cent in Hong Kong and 8.8 per cent in the Republic of Korea.

However, attacks have also been observed in Europe, North America and Latin America, Kaspersky said, adding that the note left on infected PCs demands $2500 worth of Bitcoin from each victim. The vulnerability CVE-2018-8453 that the ransomware uses was earlier found to be exploited by the FruityArmor hacking group. The vulnerability was patched on October 10, 2018, Kaspersky said.

To avoid falling victim to Sodin threats, make sure that the software used in your company is regularly updated to the most recent versions, said Kaspersky researchers. Security products with vulnerability assessment and patch management capabilities may help to automate these processes, they added. (IANS)

New Malware Can Fake Incoming Calls to Steal Banking Details: Kaspersky

A new banking trojan can insert fake text messages and obtain banking credentials

Researchers at cybersecurity firm Kaspersky have identified a new version of the Ginp banking Trojan that can insert fake text messages into the Inbox of a regular SMS app in a bid to obtain banking credentials of unsuspecting users.

The malware uses SMS and push notifications to urge victims to open their banking apps, then overlays these apps and steals banking credentials.

These messages appear under the guise of reputable vendors informing users about an undesired event like blocked account access.

To prevent this, the user is requested to open the application. Once victims do that, the Trojan overlays the original window and asks them to input the credentials for a credit card or a bank account. As a result, their payment details are handed over to cybercriminals.

“Ginp is simple, but efficient – and effective. And the rate at which it evolves and acquires new capabilities is concerning. While this attack has so far only been seen in Spain, based on our previous experience, this Trojan could begin to emerge in other countries as well; Android users need to be on alert,” Alexander Eremin, security expert at Kaspersky, said in a statement.

Having infiltrated a phone, most mobile banking Trojans try to gain access to SMS messages. They do so to intercept one-time confirmation codes from banks. Armed with such a code, the malware owners can make a payment or siphon off funds without the victim noticing.

At the same time, many mobile Trojans use text messages to infect more devices by sending the victim’s contacts a bad download link.

Some malicious apps are more creative, using SMS access to distribute other things in your name, such as offensive text messages.

The Ginp malware can even create incoming texts on the victim’s phone that no one actually sent, Eremin said. (IANS)