Microsoft’s security team has issued an advisory today warning organizations around the globe to deploy protections against a new strain of ransomware that has been in the wild over the past two months. Infections have been reported in India, Iran and the United States. The intrusion point is usually an account on a company’s systems management server, which the PonyFinal gang breaches using brute-force attacks that guess weak passwords. Once inside, Microsoft says the PonyFinal gang deploys a Visual Basic script that runs a PowerShell reverse shell to dump and steal local data. In addition, the ransomware operators also deploy “a remote manipulator system to bypass event logging”. Once the PonyFinal gang has a firm grasp on the target’s network, they then spread to other local systems and deploy the actual PonyFinal ransomware. PonyFinal is a Java-based ransomware that is deployed in human-operated ransomware attacks,” Microsoft said in a series of tweets published.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
