New Strain of Ransomware Evades All but One Antivirus Engine

Home  »  Blog  »  Cyber Security  »  New Strain...

By Bill Minahan   |   November 20, 2018   |   0 Comments

New strain of ransomware:

IBM at their Security Intelligence blog reported something worrying. Researchers discovered a brand new strain of Dharma ransomware that’s able to evade detection by nearly all of the antivirus solutions on the market.

In October and November 2018, researchers with Heimdal Security uncovered four strains of Dharma, one of the oldest ransomware families.

Dharma appends various extensions to infected files and is a variant of CrySiS. What’s more concerning, the threat actors behind the ransomware continue to release new variants which are not decryptable. New strain of ransomware

Unfortunately, one of the strains evaded fifty three antivirus engines listed on VirusTotal and fourteen engines utilized by the Jotti malware scan.

Only one of the scanners detected the strain’s malicious behavior. This is concerning, especially because ransomware has been wreaking havoc lately. There have been over 3 dozen ransomware attacks on municipalities, corporations, and individuals. They’ve resulted in million dollar losses.

However, now these new strains of ransomware are being evaded by antivirus engines altogether.

In its analysis of the hybrid strain, Heimdal found a malicious executable born through a .NET file and another associated HTML Application (HTA) file that, once unpacked, directed victims to pay a ransom in bitcoin.

Ransomware asking for bitcoin has increased due to it’s secure and anonymous features that make it perfect for hackers.

As a result, people have begun to face ransomware’s dilemma: Should you ever pay the ransom?

How To Defend Against New Strains of Ransomware?

New strains of ransomware are developing faster than the technology we use to evade them.

However, there are a few ways we recommend you battle this threat:

  • Traditional antivirus is basically dead. We recommend next-gen end point security that provides time period visibility and protection for your endpoints.
  • Using tools that integrate with security information and event management (SIEM) software to streamline responses to potential incidents.
  • Inspect what you Expect. Periodically have experts examine your systems to ensure compliance standards are being met.

Free Cybersecurity Assessment