Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Adding Insult To Injury: The Ginsu Knives Approach To Ransomware

    RAA RansomwareKaspersky has a fascinating blog post on a new strain of ransomware called RAA that is not only fairly sophisticated, but incredibly abusive:
     
    Long story short, this bundle of nastiness encrypts your files and then, adding insult to injury, drops a variant of the well-known and much-dreaded Pony info-stealer trojan to sweep up credentials and compromise whatever accounts it can.
     
    This RAA variant is delivered via a zipped, password-protected .JS file nearly 3000 lines in length. When it's first opened it looks like a Microsoft Word document to trick victims. The .JS file is itself a minor wonder, as it contains not only....
     
    1. An implementation of the DLL CryptoJS (itself an implementation of the RSA encryption process), but ...
    2. An .RTF file (stored in base64 and displayed to distract the user while the malcode does its business in the background), as well as ...
    3. Pony itself (a PE file stored, again, in base64 within the script itself, which is dropped and executed after the file encryption process completes).
    It's the infamous Ginsu knives approach ("But wait, there's more...") brought to the world of malware.
     
    Yikes.
     
    The infection vector for RAA ransomware has been mostly spear phishing emails targeted at corporate users. They are likely using the Pony stealer for one to gain access to contact lists that increase the success of new attacks, but the stealer also searches for passwords, FTP credentials, and much more.
     
    See all the technical details for this strain at Kaspersky's blog.
     

    Free Phishing Security Test

    Did you know that 91% of successful data breaches started with a spear-phishing attack?

    Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone with our free test. Did you know that KnowBe4 also supports "Vishing" where you can actually send your users simulated voice mail attacks?

    Get Your Free PST Now

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews