New strain of Windows ransomware targets Taiwan organisations – iTWire

Several organisations in Taiwan have been targeted by a new Windows ransomware family that has been named ColdLock by the Japanese security firm Trend Micro.

In a blog post, the company said large databases and email servers appeared to be the targets for encryption.

The attacks appear to have started early this month. Analysis of the malware showed similarities with the LockerGoga and Freezing ransomware families and with the EDA2 educational ransomware kit, with more in common with EDA2 than with the other two.

Trend Micro said it was unaware of the vector used by ColdLock.

"From this point, they were able to set Group Policies that led to the ransomware file being downloaded and run onto machines within the affected domain."

There was no indication as to whether ColdLock exfiltrates a victim's files before encrypting them and dropping a ransom note.

The ColdLock payload arrives as a .NET assembly in the form of a .DLL file, and PowerShell reflective loading is used to run it: the assembly is loaded into memory from bytes rather than executed from a path on disk.

One notable feature was that the executable would run only if the time was at, or after, 12.10pm on the victim's system. A time gate of this kind also means that a sandbox detonation run before that local time will show no encryption activity at all.

Consistent with its targets, ColdLock stops database and email server processes (those matching mariadb, msexchangels, mssql, mysql, oracleservice) before it starts encrypting, a common ransomware step, since the data files of a running database or mail store are locked and would otherwise be skipped.
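The two behaviours just described, a .NET DLL loaded reflectively from PowerShell and database/mail services stopped in quick succession before encryption, are both visible in standard Windows telemetry. The following Python sketch is an added example (not code from Trend Micro or iTWire) of how a SOC might hunt for them. It assumes a simplified record schema for PowerShell script-block logs (Event ID 4104) and Service Control Manager stop events (Event ID 7036); the field names, the ten-minute window and the log records themselves are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Service/process names from the article, as printed. Matching is a
# case-insensitive substring test so that "MSSQLSERVER" or "MySQL80" also hit.
# "msexchangels" is kept as printed; the Exchange Information Store service is
# named MSExchangeIS, so that spelling is included as well.
TARGET_SERVICES = ("mariadb", "msexchangels", "msexchangeis",
                   "mssql", "mysql", "oracleservice")

# Script-block text that hands an assembly to the CLR as bytes instead of
# loading it by path: the "PowerShell reflective loading" the article mentions.
REFLECTIVE_LOAD = re.compile(
    r"\[(?:System\.)?Reflection\.Assembly\]::Load\s*\(", re.IGNORECASE)
# Typical sources of those bytes: a base64 blob, a byte array, a download,
# or a file read into memory.
BYTE_SOURCE = re.compile(
    r"FromBase64String|\[byte\[\]\]|DownloadData|ReadAllBytes", re.IGNORECASE)


def is_reflective_load(script_block: str) -> bool:
    """True if a PowerShell script block loads a .NET assembly from in-memory bytes."""
    return bool(REFLECTIVE_LOAD.search(script_block) and BYTE_SOURCE.search(script_block))


def is_target_service(name: str) -> bool:
    """True if a service name matches one of the database/mail services ColdLock stops."""
    lowered = name.lower()
    return any(target in lowered for target in TARGET_SERVICES)


def scan(events, window=timedelta(minutes=10), min_stops=2):
    """Return (host, severity, message) alerts.

    Event records use an assumed, simplified schema:
      id 4104 -> {"time", "host", "script"}            PowerShell script block
      id 7036 -> {"time", "host", "service", "state"}  Service Control Manager
    """
    loads = {}   # host -> [timestamp of reflective load]
    stops = {}   # host -> [(timestamp, service name)]
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4104 and is_reflective_load(ev["script"]):
            loads.setdefault(ev["host"], []).append(ts)
        elif (ev["id"] == 7036 and ev["state"] == "stopped"
              and is_target_service(ev["service"])):
            stops.setdefault(ev["host"], []).append((ts, ev["service"]))

    alerts = []
    for host in sorted(set(loads) | set(stops)):
        for ts in loads.get(host, []):
            alerts.append((host, "medium",
                           f"reflective .NET assembly load from PowerShell at {ts:%H:%M:%S}"))
        host_stops = sorted(stops.get(host, []))
        # Sliding window: several target services stopped in quick succession is
        # the pre-encryption step; a single stop on its own is routine maintenance.
        for i, (t0, _) in enumerate(host_stops):
            burst = [svc for t, svc in host_stops[i:] if t - t0 <= window]
            if len(burst) >= min_stops:
                preceded = any(timedelta(0) <= t0 - l <= window
                               for l in loads.get(host, []))
                alerts.append((host, "high" if preceded else "medium",
                               f"{len(burst)} database/mail services stopped within "
                               f"{window}: {', '.join(burst)}"))
                break
    return alerts


# Constructed sample records for the example (not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2020-05-05T12:09:30", "host": "DB01", "id": 4104,
     "script": "$b=[Convert]::FromBase64String($p);"
               "[System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null,$null)"},
    {"time": "2020-05-05T12:10:02", "host": "DB01", "id": 7036,
     "service": "MSSQLSERVER", "state": "stopped"},
    {"time": "2020-05-05T12:10:03", "host": "DB01", "id": 7036,
     "service": "MySQL80", "state": "stopped"},
    {"time": "2020-05-05T12:10:05", "host": "DB01", "id": 7036,
     "service": "OracleServiceORCL", "state": "stopped"},
    {"time": "2020-05-05T12:11:00", "host": "DB01", "id": 7036,
     "service": "Spooler", "state": "stopped"},          # not a target service
    {"time": "2020-05-05T03:00:00", "host": "DB02", "id": 7036,
     "service": "MariaDB", "state": "stopped"},          # lone stop: patch window
    {"time": "2020-05-05T09:15:00", "host": "WS07", "id": 4104,
     "script": "Add-Type -Path C:\\Tools\\Helper.dll"},  # loaded by path, not bytes
]

if __name__ == "__main__":
    for host, severity, message in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {host}: {message}")
```

Run against the sample, the script raises a medium alert for the reflective load on DB01 and a high alert for the three database services stopped within the window right after it; the lone MariaDB stop on DB02 and the on-disk Add-Type on WS07 produce nothing. In production the burst threshold and window would be tuned against the site's own maintenance patterns.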

"Ransomware continues to be a lingering threat, something we mentioned in our last Annual Security Roundup after seeing that the number of ransomware cases we detected climbed from 55 million in 2018 to 61 million in 2019," Trend Micro said.

"Cases like these are more dangerous, as threats that compromise enterprise systems allow for much easier propagation within enterprise networks."
