Ransomware gone stealth with VM
Credits: datacenterknowledge.com

Bad actors have stepped up their use of virtual machines and the anonymous Tor browser since the DarkSide attack on Colonial Pipeline brought their activity into the open.

Let us revisit the stages from a hacker's perspective:

Credits: explointzone.com

Cyber ransom criminals can now conduct their malicious activity in stealth mode: running the ransom payload inside a virtual machine removes many of the opportunities to discover their footprint before it is time to seize your data and encrypt it, which happens very fast.

Symantec's investigation into this subject put it as follows:

"The motivation behind the tactic is stealth. In order to avoid raising suspicions or triggering antivirus software, the ransomware payload will "hide" within a VM while encrypting files on the host computer," Symantec said.

This modus operandi makes such ransomware attacks considerably harder to detect. Note, though, that the files being encrypted still live on the host: the ransomware binary is hidden inside the guest, but the encryption is carried out against host files through the virtualization software, so host-level file-system telemetry still sees the writes and renames even though it does not see the payload.

This is why it is important that your endpoint security can detect, protect against and mitigate both known and unknown risks, and that its sensors reach into every corner of your endpoints, including file activity performed by trusted, signed processes such as virtualization software.
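Here is an added example of the behavioural check that point calls for; it is not code from the article or from Symantec. It runs a mass-rename detector over a handful of constructed file-system events in which the process touching host files is a VirtualBox binary (the path and process name are assumed for the example), and it keys purely on behaviour, so the signed hypervisor is flagged as readily as an unsigned dropper would be:

```python
"""Behavioural detection of a mass-encryption burst over constructed file-event
records. The process doing the renames is deliberately a legitimate, signed
hypervisor binary: reputation-based allow-listing would miss it, a behavioural
threshold does not."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Fields: ts|pid|image|op|src|dst
# Process 4120 is VBoxHeadless.exe (path and name assumed for the example)
# renaming host files to a new extension; the other records are benign noise.
SAMPLE_EVENTS = r"""
2021-05-14T10:00:00|3011|C:\Windows\explorer.exe|RENAME|C:\Users\alice\Desktop\notes.txt|C:\Users\alice\Desktop\notes-final.txt
2021-05-14T10:00:02|4120|C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe|RENAME|C:\Users\alice\Documents\q1.xlsx|C:\Users\alice\Documents\q1.xlsx.locked
2021-05-14T10:00:03|4120|C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe|RENAME|C:\Users\alice\Documents\q2.xlsx|C:\Users\alice\Documents\q2.xlsx.locked
2021-05-14T10:00:03|4120|C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe|RENAME|C:\Users\alice\Documents\budget.docx|C:\Users\alice\Documents\budget.docx.locked
2021-05-14T10:00:04|4120|C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe|RENAME|C:\Users\alice\Documents\plan.pptx|C:\Users\alice\Documents\plan.pptx.locked
2021-05-14T10:00:05|4120|C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe|RENAME|C:\Users\alice\Pictures\logo.png|C:\Users\alice\Pictures\logo.png.locked
2021-05-14T10:00:06|4120|C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe|WRITE|C:\Users\alice\Documents\README_TO_RESTORE.txt|
2021-05-14T10:00:07|5522|C:\Program Files\Microsoft Office\WINWORD.EXE|RENAME|C:\Users\alice\Documents\~WRL0001.tmp|C:\Users\alice\Documents\report.docx
"""


def parse_events(text):
    """Parse the pipe-separated records into dicts; timestamps become datetimes."""
    events = []
    for line in text.strip().splitlines():
        ts, pid, image, op, src, dst = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "pid": int(pid),
                       "image": image, "op": op, "src": src, "dst": dst})
    return events


def extension(path):
    """Lower-cased final extension of a Windows path, '' if there is none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_mass_rename(events, threshold=5, window=timedelta(seconds=30)):
    """Return one alert per process that renamed `threshold` or more files to a
    different extension within any `window`-long interval. The process image is
    reported but never used as an allow-list: a signed hypervisor counts too."""
    per_proc = defaultdict(list)          # (pid, image) -> [(ts, new_ext)]
    for e in events:
        if e["op"] != "RENAME":
            continue
        old_ext, new_ext = extension(e["src"]), extension(e["dst"])
        if new_ext and new_ext != old_ext:
            per_proc[(e["pid"], e["image"])].append((e["ts"], new_ext))

    alerts = []
    for (pid, image), renames in per_proc.items():
        renames.sort()
        start = 0
        for end in range(len(renames)):          # sliding window over timestamps
            while renames[end][0] - renames[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                exts = Counter(ext for _, ext in renames[start:end + 1])
                alerts.append({"pid": pid, "image": image, "count": end - start + 1,
                               "new_extensions": dict(exts),
                               "first": renames[start][0].isoformat(),
                               "last": renames[end][0].isoformat()})
                break                            # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the constructed input only the hypervisor process trips the rule: Explorer's rename keeps the extension and Word's single temp-file rename is well under the threshold. The threshold and window are tuning knobs; the point is that the rule never asks who the process is, only what it is doing to host files.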

So, how do you identify which ransomware has hit your machine when an intruder has gained backdoor access or exploited a vulnerability in your endpoint protection itself? Yes, that can happen too.

As you know, ransomware is one of the most damaging incidents your endpoint can encounter. I strongly believe that it is of paramount importance to identify the type of ransomware that has infiltrated your endpoint.

Let's look at the steps for identifying ransomware:

  • Start by obtaining the ransom note or a copy of an encrypted file that contains no personal information or personally identifiable information of your customers. Then open ID Ransomware (malwarehunterteam.com).
  • Now the most important part: identifying which ransomware has encrypted your data. There are two methods, and either works: upload the ransom note, or upload the copy of the encrypted file. Either lets the service identify the type of ransomware your endpoint has been infiltrated with.
  • Once the upload is done, the ID Ransomware website analyses the ransom note or sample encrypted file and matches it against the 1009 ransomware variants it currently recognises (at the time of writing). Choose a small, non-sensitive file for the sample, since it is uploaded to a third-party service.
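As an added example (not the article's own code, and not affiliated with ID Ransomware), the following Python script does the offline preparation for the steps above: it pulls the contact, payment and extension indicators out of a ransom note, finds the dropped copies of the note, works out which extension the encrypted files carry, and picks the smallest encrypted file as the candidate sample to upload. The note, file listing, paths and file names are all constructed, and the regular expressions are the assumed indicator patterns.

```python
"""Offline triage of a ransomware hit: pull the contact and payment indicators
out of the ransom note, work out the extension the encrypted files carry, locate
copies of the note, and pick the smallest encrypted file as the candidate sample
to upload. Everything below is constructed input; the note is fictional."""
import re
from collections import Counter

# Constructed ransom note (fictional wording, example.com address, a commonly
# cited example bitcoin address). Not text from any real ransomware family.
SAMPLE_NOTE = """
ALL YOUR FILES HAVE BEEN ENCRYPTED!
Your files now carry the .locked extension.
To restore them, write to restore-help@example.com
TOR page: http://exampleaddr2345abcde67xyz.onion/pay
Send 0.5 BTC to 1BoatSLRHtKNngkdXEeobR76b53LETtpyT
Your personal ID: 7F3A-91C2
"""

# Constructed directory listing as (path, size_in_bytes).
SAMPLE_FILES = [
    (r"C:\Users\alice\Documents\q1.xlsx.locked", 48211),
    (r"C:\Users\alice\Documents\budget.docx.locked", 20033),
    (r"C:\Users\alice\Pictures\logo.png.locked", 3102),
    (r"C:\Users\alice\Documents\README_TO_RESTORE.txt", 612),
    (r"C:\Users\alice\Pictures\README_TO_RESTORE.txt", 612),
    (r"C:\Users\alice\Desktop\todo.txt", 88),
]

# Assumed indicator patterns: e-mail, Tor onion host, bitcoin (base58 or bech32).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b")
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})\b")
EXT_IN_NOTE_RE = re.compile(r"\.([A-Za-z0-9_-]{2,12}) extension")
NOTE_NAME_RE = re.compile(r"(readme|restore|decrypt|recover|how_?to)", re.I)
NOTE_EXTS = {"txt", "html", "hta"}


def file_name(path):
    return path.rsplit("\\", 1)[-1]


def extension(path):
    name = file_name(path)
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def extract_note_indicators(note):
    """Contact, payment and extension strings that a family lookup keys on."""
    return {
        "emails": sorted(set(EMAIL_RE.findall(note))),
        "onion_urls": sorted(set(ONION_RE.findall(note))),
        "btc_addresses": sorted(set(BTC_RE.findall(note))),
        "extension_in_note": sorted({e.lower() for e in EXT_IN_NOTE_RE.findall(note)}),
    }


def find_ransom_notes(files):
    """Distinct file names that look like dropped ransom notes."""
    return sorted({file_name(p) for p, _ in files
                   if extension(p) in NOTE_EXTS and NOTE_NAME_RE.search(file_name(p))})


def encrypted_extension(files, note_names):
    """Most common extension among files that are not ransom notes."""
    counts = Counter(extension(p) for p, _ in files if file_name(p) not in note_names)
    ext, count = counts.most_common(1)[0]
    return ext, count


def pick_sample_file(files, ext):
    """Smallest file carrying the encrypted extension: the least likely to hold
    customer data, but a human still has to confirm that before uploading."""
    candidates = [(size, p) for p, size in files if extension(p) == ext]
    return min(candidates)[1] if candidates else None


def triage(note, files):
    """Everything you need in hand before opening the identification service."""
    summary = extract_note_indicators(note)
    notes = find_ransom_notes(files)
    ext, count = encrypted_extension(files, set(notes))
    summary.update({
        "ransom_note_names": notes,
        "encrypted_extension": ext,
        "encrypted_file_count": count,
        "extension_matches_note": ext in summary["extension_in_note"],
        "sample_file": pick_sample_file(files, ext),
    })
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_NOTE, SAMPLE_FILES).items():
        print(f"{key:24} {value}")
```

The smallest file is only a starting point: confirm it really holds no customer data before uploading it. The e-mail addresses, onion URLs and wallet addresses extracted here are exactly the strings an identification service and your own incident record key on, so keep them even if the automatic family match fails.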

I personally would like to invite you to explore our free internationally acclaimed security awareness programme and you can also request a trial of our cybersecurity endpoint protection products powered by Gartner's approval.

Disclaimer: This initiative is purely for educational purposes and does not constitute express advice in the cyber solution landscape and I personally disclaim myself from liability based on any reliance on the information in this article and its contents, irrespective of the merit it carries.

Avishkar Singh (2021) | Director | Effectualness (Pty) Ltd
