Researchers at Forcepoint Security Labs are helping businesses fight back against a known malware actor with persistent monitoring and effective mitigation for the JavaScript-based ransomware “NELocker”. Carl Leonard, Principal Security Analyst at Forcepoint, commented below.
Carl Leonard, Principal Security Analyst at Forcepoint:
“A new JavaScript-based Nemucod ransomware, created by a known malicious actor, using legitimate command line utilities like 7Zip and PHP has refined its swift and stealthy approach to encrypting machines. This ransomware, dubbed NELocker by Forcepoint due to its Nemucod roots and its boilerplate style, can perform file encryption using any (“NE”) utility indiscriminately, benign or otherwise. NELocker has evolved from a generic Nemucod (malicious JavaScript downloader) that utilises malware from the Kovter and Miuref families, to include other components like PGDownloader, 7Zip and PHP command line utilities too.
The pace of this transformation highlights the ease and effectiveness of creating ransomware based on existing legitimate software which also has the added complication of being more difficult to detect. With the complexity of opportunistic ransomware attacks increasing, it’s never been more important for IT teams to not only protect their users with effective comprehensive filtering and decryption tools but to also educate users on the importance of remaining vigilant when opening e-mails, especially attachments and links that are contained within them.”