Microsoft Warns of New Java-Based “PonyFinal” Ransomware Used as Part of Human-Operated Attacks

Stu Sjouwerman | Jun 19, 2020

ponyfinal ransomwareMicrosoft’s recent posts detailing a new Java attack that uses PowerShell and other legitimate tools to infect victims with ransomware sheds light on human-operated attacks.

According to Microsoft’s Advanced Threat Analytics, the median number of days an attacker sits within your network undetected is 146 days. This new PonyFinal ransomware demonstrates this behavior. According to Microsoft, attackers in this case put a human touch on the attack, not leveraging automation, but are patient and are looking for victims of opportunity rather than trying to hit everyone and anyone.

By first compromising internet-facing web systems, attackers compromise privileged credentials and use PowerShell tools and service accounts to obtain the needed access the victim network. In most cases, the attackers focus on endpoints where the Java Runtime Environment (JRE) is installed Then, according to Microsoft, attackers “stay dormant and wait for the most opportune time to deploy the [PonyFinal] payload.”

ponyfinal attack

Microsoft recommends a layered security approach that includes both proactive and reactive protective measures. We’ll add that in cases where the initial attack vector is phishing, shoring up the user’s sense of security via Security Awareness Training is critical to avoid the installation of Trojans and other types of malware that will eventually download a ransomware payload.

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.