Java-based ransomware

Ransomware You Probably Didn’t Know About

Caleb Boma | June 12th, 2020

 

Ransomware groups continue to innovate with new ways of locking down environments, and SpearTip has analyzed several new approaches over the last several weeks. One of the latest is Java-based ransomware, which has been observed “in the wild” but not yet on a widespread basis.

Java-Based Ransomware

Java-based ransomware is difficult for many security solutions to detect because it leverages the Java image file format (JIMAGE) and the virtualization provided by the Java Runtime Environment. As a result, many solutions are unable to recognize the encryption routines used to lock down files.
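A defender can still hunt for the container itself: the sketch below is an added example, not SpearTip's tooling, that flags files carrying a JIMAGE header outside approved Java install directories. The magic value 0xCAFEDADA and the seven-field header layout are taken from OpenJDK's `ImageHeader` class and should be treated as assumptions for other runtimes; the directory names and sample files are constructed.

```python
import struct
import tempfile
from pathlib import Path

JIMAGE_MAGIC = 0xCAFEDADA   # magic from OpenJDK's jdk.internal.jimage.ImageHeader
HEADER_LEN = 28             # seven 32-bit fields (assumed layout, see lead-in)

def parse_jimage_header(data):
    """Return header fields if data starts with a JIMAGE header, else None."""
    if len(data) < HEADER_LEN:
        return None
    # The image uses the byte order of the platform it targets, so try both.
    for prefix, name in (("<", "little"), (">", "big")):
        magic, version, _flags, resources, *_ = struct.unpack(prefix + "7I", data[:HEADER_LEN])
        if magic == JIMAGE_MAGIC:
            return {"byte_order": name, "major": version >> 16,
                    "minor": version & 0xFFFF, "resources": resources}
    return None

def find_unexpected_jimages(root, allowed_dirs):
    """List JIMAGE files under root that are not inside an approved Java install."""
    allowed = [Path(d).resolve() for d in allowed_dirs]
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                info = parse_jimage_header(fh.read(HEADER_LEN))
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        if info and not any(a in path.resolve().parents for a in allowed):
            hits.append((path, info))
    return hits

def demo():
    """Build a constructed directory tree and return the flagged file names."""
    header = struct.pack("<7I", JIMAGE_MAGIC, 1 << 16, 0, 3, 8, 64, 128)  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "jdk" / "lib").mkdir(parents=True)
        (root / "users" / "public").mkdir(parents=True)
        (root / "jdk" / "lib" / "modules").write_bytes(header)          # expected location
        (root / "users" / "public" / "update.dat").write_bytes(header)  # unexpected location
        (root / "users" / "public" / "notes.txt").write_bytes(b"plain text, no magic")
        return [p.name for p, _ in find_unexpected_jimages(root, [root / "jdk"])]

if __name__ == "__main__":
    print(demo())
```

A hit is a triage lead rather than a verdict, since applications that bundle their own runtime also ship JIMAGE files outside the system Java directory.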

Before running the Java-based ransomware, cybercriminals will often look for weak points within your organization to gain entry into your network. One example of this is RDP (Remote Desktop Protocol). If the protocol is open to the public internet, cybercriminals can easily exploit known weaknesses. This is an easy way for them to access your environment, escalate privileges, and then lock down your files. After locking the files, most cybercriminals demand a substantial ransom to unlock them. In general, prevention of this type of attack is the best approach, and it is advised not to pay the ransom.

Java-based ransomware is not completely new; it has been active before. Yet, as security solutions prevent traditional ransomware attacks, cybercriminals are discovering that most security systems are not equipped to stop this type of threat. SpearTip expects these groups to keep finding creative ways to ransom environments.

It is important to constantly evaluate your organization’s security posture. Human-based cyber expertise is critical to stopping these threats. SpearTip’s ShadowSpear® platform can stop ransomware before it compromises an environment, even emerging types of ransomware.

To learn more about ShadowSpear®, visit speartip.com.
