New Hybrid Ransomware Strain Evades Detection by All but One Antivirus Engine


By Bill Minahan   |   November 20, 2018

IBM's SecurityIntelligence blog reported something worrying: researchers discovered a brand new strain of Dharma ransomware that is able to evade detection by nearly all of the antivirus solutions on the market.

In October and November 2018, researchers with Heimdal Security uncovered four strains of Dharma, one of the oldest ransomware families.

One of the strains evaded fifty-three antivirus engines listed on VirusTotal and fourteen engines utilized by the Jotti malware scan. Only one of the scanners detected the strain’s malicious behavior.

In its analysis of the hybrid strain, Heimdal found a malicious executable spawned from a .NET file and an associated HTML Application (HTA) file that, once unpacked, directed victims to pay a ransom in bitcoin.

How To Defend Against New Malware Strains?

There are a few ways we recommend you battle this threat:

  • Traditional antivirus is basically dead. We recommend next-gen endpoint security that provides real-time visibility and protection for your endpoints.
  • Use tools that integrate with security information and event management (SIEM) software to streamline responses to potential incidents.
  • Inspect what you expect. Periodically have experts examine your systems to ensure compliance standards are being met.
