Friday, May 29, 2020

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

Microsoft has warned of a new breed of patient ransomware attacks that lurk in networks for weeks before striking.
A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector.
According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans pulling the reins. It exfiltrates information about infected environments, spreads laterally and then waits before striking: the operators go on to encrypt files at a later date and time, when the target is deemed most likely to pay.
Encrypted files have a “.enc” file name extension appended; the ransom note, meanwhile, is a simple text file, researchers said.
