KnowBe4 issues alert on ransomware payloads with DDoS

Tuesday 24 May 2016 08:43 CET | News

KnowBe4 has issued an alert on a malicious new trend in ransomware, which adds a DDoS component.

A new variant of the Cerber ransomware is now adding a DDoS bot that can blast spoofed network traffic at various IPs. This is the first time DDoS malware has been inserted into a ransomware infection. This means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim.

Stu Sjouwerman, KnowBe4’s CEO, said that the virus relies on social engineering the employee into activating the macro feature in Office, which then executes a malicious VBScript that downloads and runs the malware.

The ransomware is executed first; it encrypts the user's data and then blocks their access to the machine by locking the screen. After that, a second binary called 3311.tmp is launched and starts sending a large amount of network traffic out of the infected computer.

The attackers use Visual Basic to launch a file-less attack, and most antivirus products are completely blind to file-less attack methods. Consequently, they are unable to see the malware until it has been dropped on the disk. At that point scanners can find it, but often that's too late.

KnowBe4 is a security platform helping organizations manage the problem of social engineering tactics through security awareness training.
