A new strain of malware is on the loose, targeting enterprise systems, Microsoft has warned. Known as PonyFinal, the malware infiltrates systems through human-operated attacks and demands a ransom at a time when it believes the victim is most likely to pay.
Microsoft took to Twitter to reveal details about the Java-based malware.
PonyFinal is a Java-based ransomware that is deployed in human-operated ransomware attacks. While Java-based ransomware are not unheard of, they’re not as common as other threat file types. However, organizations should focus less on this payload and more on how it’s delivered. pic.twitter.com/Q3BMs7fSvx
— Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020
Being human-operated, PonyFinal relies on hackers breaching the enterprise systems and deploying it themselves. This is in contrast to most malware, which relies on social engineering techniques such as phishing.
According to Microsoft, the hackers target a company’s systems management server. They infiltrate it through brute-force techniques. They then deploy the malware, stealing local data and deploying “a remote manipulator system to bypass event logging.” Since it’s Java-based, it excels in systems that rely on Java Runtime Environment. However, in systems where JRE isn’t installed, the malware has been observed to install it.
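The delivery chain described above (a brute-forced logon to a management server, followed by a Java runtime appearing on a host that did not have one) can be watched for by correlating logs. The following Python is an added example, not code from Microsoft or the original article; the event schema, thresholds, host names and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                      # failed logons that count as a burst
FAIL_WINDOW = timedelta(minutes=10)     # span in which the burst must occur
FOLLOWUP_WINDOW = timedelta(hours=24)   # how long to watch after a suspect logon

# Constructed sample events: (ISO time, host, kind, detail). Not real telemetry.
SAMPLE_EVENTS = (
    [(f"2020-05-01T02:00:{s:02d}", "mgmt01", "auth_fail", "admin") for s in range(0, 60, 10)]
    + [
        ("2020-05-01T02:01:05", "mgmt01", "auth_ok", "admin"),
        ("2020-05-01T03:15:00", "ws-114", "software_install", "Java Runtime Environment"),
        ("2020-05-01T03:20:00", "build02", "software_install", "Java Runtime Environment"),
        ("2020-05-01T09:00:00", "files01", "auth_fail", "jsmith"),
        ("2020-05-01T09:00:30", "files01", "auth_ok", "jsmith"),
    ]
)
JAVA_BASELINE = {"build02"}  # hosts where a Java runtime is expected (assumed inventory)

def correlate(events, java_baseline):
    """Return alerts as (host, rule, time) tuples, in time order."""
    fails = defaultdict(deque)  # host -> timestamps of recent failed logons
    last_suspect_logon = None   # time of latest success that followed a burst
    alerts = []
    for ts, host, kind, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        recent = fails[host]
        while recent and t - recent[0] > FAIL_WINDOW:
            recent.popleft()    # drop failures that aged out of the window
        if kind == "auth_fail":
            recent.append(t)
        elif kind == "auth_ok":
            if len(recent) >= FAIL_THRESHOLD:
                last_suspect_logon = t
                alerts.append((host, "logon_after_failure_burst", ts))
            recent.clear()
        elif kind == "software_install" and "java" in detail.lower():
            in_window = last_suspect_logon and t - last_suspect_logon <= FOLLOWUP_WINDOW
            if in_window and host not in java_baseline:
                alerts.append((host, "unexpected_java_runtime_install", ts))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS, JAVA_BASELINE):
        print(alert)
```

Because the operators may wait before encrypting, the follow-up window in a real deployment would need to be much longer than the 24 hours assumed here.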
Yet another thing that sets this malware apart is the ability of the hackers to buy time to ensure maximum gains. According to the researchers, in some instances, the hackers infiltrate a system but don’t encrypt the data. They wait for a time when they believe the victim is in a better financial position, then encrypt the data and demand a ransom.
This unique approach seems to be catching on of late. In April, Microsoft observed that a number of malware deployments had gone live all at once in the first two weeks of the month, indicating that they had already infiltrated the systems but had been biding their time.
PonyFinal emerged in early 2020, according to security expert Michael Gillespie. In five months, it has attacked only a small number of targets. This, according to Gillespie, proves that the hackers are conducting targeted attacks.
The victims have been in the U.S., India and Iran, he revealed.
According to Microsoft, PonyFinal has not spared the health sector, even as the weight of the COVID-19 pandemic bears down on the sector. This is in contrast to some other infamous hacking groups, such as the CLOP ransomware and the DoppelPaymer ransomware gangs, which pledged to cease attacking health systems for as long as the coronavirus pandemic goes on.