A respected security news site I check often is Kaspersky Labs' threatpost.com, which is always reporting new emerging threats affecting the industry.
Recently they published an article about modified attacks that have been affecting Japanese enterprises over the past several months and that leave behind ONI ransomware. In Japan, ONI refers to demon-like figures, such as the one in the picture shown above, that are common in Japanese art and folklore.

These attacks are built around the DiskCryptor disk encryption utility combined with a bootkit, and are generally first introduced via a spear-phishing email with an Office document containing a Trojan called Ammyy Admin. Once downloaded, the malware takes advantage of user credentials to move laterally throughout the network, compromising data assets, harvesting information and eventually targeting the domain controller to gain complete control of the target network. At the end of the attack, the ONI ransomware is spread and log files on the computers are deleted in an attempt to cover its tracks and leave its true motive unknown.

This new attack is very similar to the NotPetya malware that was seen employed throughout the Ukraine in early June. However, unlike NotPetya, ONI is accompanied by a bootkit that makes it impossible to recover any of the encrypted disk, making it even more devastating for the afflicted organization.

The investigation found that the critical MS17-010 security update, which was released in March of this year, was not installed on the networks which were attacked between July and September. So if there is anything to learn from this attack, it is to always, ALWAYS, update your machines as soon as you can.