KnowBe4 Security Awareness Training Blog

New Hybrid Ransomware Strain Evades Detection by All but One Antivirus Engine

Written by Stu Sjouwerman | Nov 13, 2018 12:28:20 PM

IBM at their SecurityIntelligence blog reported something troubling.

Researchers discovered a new strain of Dharma ransomware that is able to evade detection by nearly all of the antivirus solutions on the market.

In October and November 2018, researchers with Heimdal Security uncovered four strains of Dharma, one of the oldest ransomware families in existence.

One of the strains slid past a total of 53 antivirus engines listed on VirusTotal and 14 engines used by the Jotti malware scan. Just one of the security scanners included in each of those utilities picked up on the strain’s malicious behavior.

In its analysis of the hybrid strain, Heimdal observed a malicious executable dropped through a .NET file and another associated HTML Application (HTA) file that, when unpacked, directed victims to pay a ransom amount in bitcoin.

How Persistent Is The Threat Of Ransomware?

The emergence of the new Dharma strain highlights ransomware’s ongoing relevance as a cyberthreat. Europol declared that it remains the key malware threat in both law enforcement and industry reporting. The agency attributed their
conclusion to financially motivated malware attacks increasingly using ransomware over banking Trojans, a trend that it anticipates will continue for years to come. Europol identified this tendency despite a surge in activity from other threats like cryptominers.

How To Defend Against New Malware Strains?

There are a few ways we recommend you battle this threat:

  1. Traditional antivirus is essentially dead. You need next-gen endpoint security that gives you real-time visibility and protection for your endpoints.
  2. Experts also recommend using tools that integrate with security information and event management (SIEM) software to streamline responses to potential incidents.
  3. Step your users through new-school security awareness training, since the vast majority of ransomware attacks use spear phishing and social engineering to infect the workstation.

Find out how affordable new-school security awareness training is for your organization. Get a quote now.

 
 


Sources: Heimdal Security, Europol, Comodo Cybersecurity, IBM