Security researchers are warning of a new ransomware campaign using malicious IQY files to spread via phishing emails.

IQY, or Internet Query, files are plain text files that Excel opens natively. They tell Excel to fetch data from a URL and import it into a worksheet; the file itself carries no code, only the URL and a few import options.

Researchers at Lastline observed them being weaponized in attacks designed to spread a new variant of Paradise ransomware.

“This campaign attempts to entice users into opening an IQY attachment, which reaches out and retrieves a malicious Excel formula from the attacker’s C2 server. This formula, in turn, contains a command to run a PowerShell command that will download and invoke an executable,” the vendor explained.

“Since these IQYs contain no payload (just a URL), they can be challenging for organizations to detect. Organizations may have to rely on a third-party URL reputation service if they do not have appliances in place to analyze and interrogate these URLs.”
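Because the whole payload of an IQY is its URL, triage of these attachments comes down to extracting that URL and deciding whether Excel should be allowed to follow it. The following parser and triage routine is an added example written for this article; it is not Lastline's tooling and not part of the Paradise campaign. The allowlisted hostnames, the two sample files and the TEST-NET address in them are constructed for the demonstration. The file layout it relies on (query type, format version, URL, POST parameters, then Key=Value options) is the layout Excel itself writes when it saves a web query.

```python
from urllib.parse import urlsplit

# Hosts that are permitted to serve web queries to Excel in this (assumed)
# environment; anything else is treated as suspect. Hypothetical names.
ALLOWED_HOSTS = {"reports.corp.example", "bi.corp.example"}


def parse_iqy(text):
    """Parse the text of a .iqy file.

    Layout Excel writes and reads:
      line 1  query type, "WEB" for an Internet Query
      line 2  format version, "1"
      line 3  the URL Excel will fetch
      line 4  POST parameters (empty for a GET)
      rest    Key=Value options such as Selection=AllTables
    Raises ValueError if the text is not an Internet Query.
    """
    lines = text.replace("\r\n", "\n").split("\n")
    if len(lines) < 3 or lines[0].strip().upper() != "WEB":
        raise ValueError("not an Internet Query (first line must be WEB)")
    url = lines[2].strip()
    if not url:
        raise ValueError("IQY has no URL on line 3")
    options = {}
    for line in lines[4:]:
        if "=" in line:
            key, _, value = line.partition("=")
            options[key.strip()] = value.strip()
    return {
        "version": lines[1].strip(),
        "url": url,
        "post_params": lines[3].strip() if len(lines) > 3 else "",
        "options": options,
    }


def triage_iqy(text):
    """Return (verdict, reasons) for an IQY attachment.

    The URL is the entire payload, so this is a URL decision, not a
    file-content decision: a malformed file and an untrusted URL both block.
    """
    reasons = []
    try:
        query = parse_iqy(text)
    except ValueError as exc:
        return "block", [str(exc)]
    parts = urlsplit(query["url"])
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    if not host:
        reasons.append("URL has no host")
    elif host not in ALLOWED_HOSTS:
        reasons.append(f"host {host!r} not in allowlist")
    # A reputation check on the literal URL is only meaningful if Excel
    # cannot be redirected somewhere else after the check.
    if query["options"].get("DisableRedirections", "False").lower() != "true":
        reasons.append("redirects allowed; fetched URL may not be the final URL")
    return ("block" if reasons else "allow"), reasons


# Constructed sample attachments (CRLF line endings, as Windows writes them).
MALICIOUS_SAMPLE = "\r\n".join([
    "WEB",
    "1",
    "http://203.0.113.10/q.txt",   # TEST-NET address standing in for a C2
    "",
    "Selection=AllTables",
    "Formatting=None",
    "DisableRedirections=False",
])

BENIGN_SAMPLE = "\r\n".join([
    "WEB",
    "1",
    "https://reports.corp.example/sales.htm",
    "",
    "Selection=AllTables",
    "Formatting=None",
    "DisableRedirections=True",
])

if __name__ == "__main__":
    for name, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage_iqy(sample))
```

On a mail gateway the same routine can run over every attachment whose name ends in .iqy (and the sibling formats .oqy, .dqy and .rqy, which Excel also treats as query files) before the message is delivered; the extracted URL is what gets handed to a reputation service or a detonation appliance.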

Paradise itself is not new; the family has been around since 2017. This variant, however, contains enhancements designed to help it evade detection by security filters.

These include the use of the Salsa20 stream cipher, which is compact enough to be implemented directly in the malware's own source code, so the ransomware never has to call out to a system crypto library.

That makes it harder for security tools to spot, since many AV products flag ransomware by watching for calls to the operating system's cryptographic APIs. It also makes it harder for analysts to work out which cipher is in use, Lastline said.
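To make the "no crypto library" point concrete, here is a complete Salsa20/20 in plain Python, with no import beyond struct for byte packing. It is an added example written for this article, not code from Lastline or from the Paradise sample, and the key, nonce and scanner helper are constructed for the demonstration. It also shows the flip side for analysts: the cipher's expansion constant "expand 32-byte k" and its fixed rotation amounts (7, 9, 13, 18) still have to be present in the binary, so a static search for them identifies Salsa20 even when no cryptographic API is imported.

```python
import struct

# The four constant words Salsa20 mixes into its state for a 32-byte key.
# Even with no crypto-library call, this string (or its four little-endian
# words 0x61707865 0x3320646e 0x79622d32 0x6b206574) ends up in the binary.
SIGMA = b"expand 32-byte k"
SALSA_CONSTANTS = (SIGMA, b"expand 16-byte k")  # 16-byte-key variant too
MASK = 0xFFFFFFFF


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def quarterround(y0, y1, y2, y3):
    """The Salsa20 quarter-round: add, rotate, xor with the fixed rotations."""
    z1 = y1 ^ rotl32((y0 + y3) & MASK, 7)
    z2 = y2 ^ rotl32((z1 + y0) & MASK, 9)
    z3 = y3 ^ rotl32((z2 + z1) & MASK, 13)
    z0 = y0 ^ rotl32((z3 + z2) & MASK, 18)
    return z0, z1, z2, z3


def doubleround(x):
    """Column round followed by row round, in place on a 16-word list."""
    x[0], x[4], x[8], x[12] = quarterround(x[0], x[4], x[8], x[12])
    x[5], x[9], x[13], x[1] = quarterround(x[5], x[9], x[13], x[1])
    x[10], x[14], x[2], x[6] = quarterround(x[10], x[14], x[2], x[6])
    x[15], x[3], x[7], x[11] = quarterround(x[15], x[3], x[7], x[11])
    x[0], x[1], x[2], x[3] = quarterround(x[0], x[1], x[2], x[3])
    x[5], x[6], x[7], x[4] = quarterround(x[5], x[6], x[7], x[4])
    x[10], x[11], x[8], x[9] = quarterround(x[10], x[11], x[8], x[9])
    x[15], x[12], x[13], x[14] = quarterround(x[15], x[12], x[13], x[14])


def salsa20_block(key, nonce, counter):
    """One 64-byte keystream block for a 32-byte key, 8-byte nonce, 64-bit counter."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("this Salsa20 takes a 32-byte key and an 8-byte nonce")
    s = struct.unpack("<4I", SIGMA)
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    c = (counter & MASK, (counter >> 32) & MASK)
    # Initial state layout: sigma0, k0..k3, sigma1, nonce, counter, sigma2, k4..k7, sigma3
    state = [s[0], k[0], k[1], k[2], k[3], s[1],
             n[0], n[1], c[0], c[1], s[2],
             k[4], k[5], k[6], k[7], s[3]]
    x = list(state)
    for _ in range(10):          # 20 rounds = 10 double rounds
        doubleround(x)
    return struct.pack("<16I", *[(a + b) & MASK for a, b in zip(state, x)])


def salsa20_xor(key, nonce, data):
    """Encrypt or decrypt (the same operation) by XORing data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = salsa20_block(key, nonce, i // 64)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], block))
    return bytes(out)


def find_salsa_constants(blob):
    """Offsets of the Salsa20 expansion constants in a byte blob such as an
    unpacked sample: a cheap static check that needs no import table."""
    hits = []
    for const in SALSA_CONSTANTS:
        start = 0
        while (idx := blob.find(const, start)) >= 0:
            hits.append((idx, const.decode()))
            start = idx + 1
    return hits


if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(range(8))   # constructed test values
    ct = salsa20_xor(key, nonce, b"constructed plaintext")
    print(ct.hex(), salsa20_xor(key, nonce, ct))
```

When a compiler emits the constant as four 32-bit immediates rather than one contiguous string, the sixteen bytes are interleaved with opcode bytes and the whole-string search above misses them; in that case search for the four words separately, or for the 7/9/13/18 rotate sequence. The roundtrip in the test below and the quarter-round vector from the Salsa20 specification (input 1,0,0,0) confirm the implementation is the genuine cipher, not a lookalike.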

The researchers tried to get a response from the ransomware's support team but received none, which suggests the campaign is not yet fully operational. They did, however, establish that the ransomware will not run if the user's language is Russian, Kazakh, Belarusian, Ukrainian or Tatar, which may hint at its origins.
