
According to an analysis from CYFIRMA, the Conti-based Gunra ransomware first enumerates running processes, deletes shadow copies, and gathers system data; it then checks for debuggers and manipulates processes to evade detection, escalate privileges, and inject code, before using FindNextFileExW to enumerate the files it encrypts. Targeted organizations are then threatened with exposure of their stolen data unless they negotiate and pay the demanded ransom within five days. Because Gunra's multi-stage design makes reverse engineering significantly harder, organizations have been urged not only to deploy robust endpoint detection and response systems, ransomware defense software, and network segmentation, but also to restrict administrative privileges, monitor Tor-related traffic, and strengthen phishing awareness programs for their employees.