Ransomware group deploys virtual machines to hide from antivirus software

00:00 23 May 2020 Source: techradar.com



In order to avoid detection by antivirus software, the operators of the RagnarLocker ransomware have begun installing Oracle's VirtualBox and running virtual machines on the computers they infect before deploying their ransomware.

The UK-based cybersecurity firm Sophos first spotted this new technique and it shows just how far cybercriminals are willing to go to ensure that their ransomware attacks are not detected by a victim's antivirus or other security software.

According to Sophos, the group behind RagnarLocker has been known to steal data from targeted networks before launching a ransomware attack in order to encourage victims to pay. Last month, they attacked the network of Energias de Portugal (EDP), claimed to have stolen 10TB of sensitive company data and demanded a ransom of $11m while threatening to release the data if the ransom was not paid.



In past attacks, the RagnarLocker group has used exploits against managed service providers (MSPs) or attacks on Windows Remote Desktop Protocol (RDP) connections to establish a foothold on targeted networks. After gaining admin-level access, the group uses native Windows administrative tools such as PowerShell and Windows Group Policy Objects (GPOs) to move laterally across a network and launch attacks on other Windows clients and servers.

Deploying virtual machines

In its latest attack, the RagnarLocker group opted not to run its ransomware directly on the computers it wanted to encrypt and instead chose to download and install Oracle VirtualBox to run virtual machines. These virtual machines are then configured to give the attackers full access to all local and shared drives, which allows the virtual machine to access files stored outside of its own storage.


The virtual machines are then booted up running a stripped-down version of Windows XP SP3 called MicroXP v0.82. The attackers then run their ransomware inside the virtual machine, which makes it impossible for the host's antivirus software to detect.

Instead of seeing an unknown program making changes to files stored on a device and in shared drives, to the antivirus software all of these changes appear to have originated from the legitimate VirtualBox app so users are not notified.
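As an added example (not part of the TechRadar article or Sophos's research), the following Python sketches host-side detection for the two behaviours described above: VBoxManage being used to share whole drives or UNC paths into a guest, and the VirtualBox VM process writing large numbers of non-VM files on the host, which is exactly the activity the antivirus attributes to the legitimate VirtualBox app. The log records, file names, the .locked extension and the set of VirtualBox image names are constructed assumptions.

```python
import re
# Constructed Sysmon-style records (event, image, detail); not real telemetry.
SAMPLE_LOGS = [
    ("ProcessCreate", r"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe",
     r"VBoxManage.exe sharedfolder add micro --name C_DRIVE --hostpath C:\ --automount"),
    ("ProcessCreate", r"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe",
     r"VBoxManage.exe sharedfolder add micro --name FIN --hostpath \\fileserver\finance --automount"),
    ("ProcessCreate", r"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe",
     r"VBoxManage.exe startvm micro --type headless"),
    ("FileCreate", r"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe",
     r"C:\Users\Public\vm\micro.vdi"),
] + [
    ("FileCreate", r"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe",
     rf"C:\Users\alice\Documents\report{i}.docx.locked") for i in range(5)
]

# Assumed set of VirtualBox host-side binaries whose file writes AV treats as legitimate.
VBOX_IMAGES = {"vboxmanage.exe", "vboxheadless.exe", "virtualbox.exe", "virtualboxvm.exe"}
# Extensions a VM process legitimately writes to its own storage.
VM_STORAGE_EXT = (".vdi", ".vmdk", ".vbox", ".vbox-prev", ".sav", ".log")
SHARE_ADD = re.compile(r'sharedfolder\s+add\b.*--hostpath\s+("[^"]+"|\S+)', re.I)


def exposed_hostpath(cmdline):
    """Host path handed to the guest if it is a whole drive root or a UNC share
    (the 'full access to all local and shared drives' setup); otherwise None."""
    m = SHARE_ADD.search(cmdline)
    if not m:
        return None
    path = m.group(1).strip('"')
    if re.fullmatch(r"[A-Za-z]:\\?", path) or path.startswith("\\\\"):
        return path
    return None


def detect(logs, bulk_threshold=5):
    """Drive-wide shares plus bulk non-VM file writes by a VirtualBox process
    together indicate a guest rewriting files on the host."""
    findings = {"root_shares": [], "guest_writes_outside_vm": 0}
    for event, image, detail in logs:
        if image.rsplit("\\", 1)[-1].lower() not in VBOX_IMAGES:
            continue
        if event == "ProcessCreate":
            path = exposed_hostpath(detail)
            if path:
                findings["root_shares"].append(path)
        elif event == "FileCreate" and not detail.lower().endswith(VM_STORAGE_EXT):
            findings["guest_writes_outside_vm"] += 1
    findings["alert"] = bool(findings["root_shares"]) and findings["guest_writes_outside_vm"] >= bulk_threshold
    return findings
```

The `sharedfolder add` and `startvm --type headless` forms are real VBoxManage syntax; the threshold and which extensions count as "VM storage" should be tuned to the environment.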

Sophos says that this is the first time it has seen a ransomware group abuse virtual machines during an attack but now that cybercriminals know this new technique works, expect to see others try to implement it in the future.


Via ZDNet
