Hackers ransack businesses by riding on the modern-day Trojan Horse.
26 August 2020

PonyFinal Ransomware dubbed by many as the modern-day Trojan horse.

Written by Seqrite
Ransomware

Microsoft recently warned its over 100,000 followers about the emergence of a new human-operated Java-based ransomware that has been involved in targeted attacks in the US, India and Iran.

PonyFinal, the name given to this malware, is an example of human-operated ransomware, an approach that is gaining currency as an instrument for attacking individually chosen targets. In this type of attack, attackers use credential theft and lateral movement to learn more about the target's environment. The strategy and payload are chosen to fit that environment: once it has been understood and mapped, the threat actor deploys the type of ransomware that aligns most closely with the target's environment.

How human-operated ransomware is different

What differentiates this mode of attack from automated malware is that it is far more involved than tricking unsuspecting users into clicking malicious links. With PonyFinal and similar human-operated ransomware, live attackers sit on the other side, continuously monitoring the environment and gathering intelligence before injecting ransomware into the target’s systems.

PonyFinal attacks can begin with brute-force attacks in which attackers gain access through the target’s systems management server. Elaborating further, Microsoft stated in its tweets: “They deploy a VBScript to run a PowerShell reverse shell to perform data dumps. They also deploy a remote manipulator system to bypass event logging”.

The other attack approach involves the deployment of a Java Runtime Environment (JRE) which enables the launch of the Java-based PonyFinal ransomware. According to Microsoft, the evidence suggested that the attackers used information stolen from system management servers to target endpoints with JRE already installed.

PonyFinal: How it works

Experts suggest that the PonyFinal ransomware campaign has carried out highly targeted attacks in the US, India and Israel and is likely the work of an advanced cybercrime group. It has also capitalized on the ongoing COVID-19 pandemic by repeatedly targeting the healthcare sector.

PonyFinal uses a strong encryption scheme: encrypted files are given an .enc extension, and a simple text file serves as the ransom note. Experts warn that encrypted files are unlikely to be recoverable, which makes it a dangerous threat.

All Internet-facing assets must be secured

To protect against PonyFinal and other similar types of human-operated ransomware, enterprises need to stay vigilant. The key is to secure all Internet-facing assets and monitor for brute-force activity which could indicate that a reconnaissance operation is in progress.

IT administrators must ensure that their systems and all applications have the latest patches and run on up-to-date operating system versions. Admin accounts in particular should have very strong passwords, with access limited to as few users as possible. It’s also important to monitor authentication attempts: a large number of attempted log-ins to an admin account could very well indicate a brute-force attack.
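The monitoring advice above can be turned into a concrete detection. The following Python script is an added example written for this page, not code from Seqrite or Microsoft. It works over constructed logon records in a simplified `timestamp|event_id|account|source_ip` format (the event IDs 4625 and 4624 follow Windows Security log conventions for failed and successful logons, but the lines themselves are made up), applies a sliding five-minute window per account/source pair, uses a lower failure threshold for accounts listed as privileged (an assumption: `ADMIN_ACCOUNTS`), and raises a higher-severity alert when a successful logon follows a burst of failures from the same source, which is the pattern that most strongly suggests a brute-force attempt has succeeded.

```python
"""Brute-force logon detection over sample logon events (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, not real telemetry.
# Format: timestamp|event_id|account|source_ip
# 4625 = failed logon, 4624 = successful logon (Windows Security log convention).
SAMPLE_LOG = """\
2020-08-20T01:00:01|4625|Administrator|203.0.113.7
2020-08-20T01:00:03|4625|Administrator|203.0.113.7
2020-08-20T01:00:04|4625|Administrator|203.0.113.7
2020-08-20T01:00:06|4625|Administrator|203.0.113.7
2020-08-20T01:00:08|4625|Administrator|203.0.113.7
2020-08-20T01:00:09|4624|Administrator|203.0.113.7
2020-08-20T01:05:00|4625|jdoe|198.51.100.2
2020-08-20T01:30:00|4625|jdoe|198.51.100.2
2020-08-20T02:10:00|4624|jdoe|10.0.0.5
"""

# Assumptions for this example: which accounts are privileged, the detection
# window, and the failure thresholds. Tune these for a real environment.
ADMIN_ACCOUNTS = {"administrator"}
WINDOW = timedelta(minutes=5)
ADMIN_THRESHOLD = 5
USER_THRESHOLD = 10

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def parse_events(text):
    """Parse pipe-delimited lines into (timestamp, event_id, account, source_ip)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event_id, account, src = line.split("|")
        events.append((datetime.fromisoformat(ts), int(event_id), account, src))
    events.sort(key=lambda e: e[0])  # detection below assumes chronological order
    return events


def detect_bruteforce(events):
    """Return alerts as (severity, account, source_ip, failures_in_window).

    'medium': failures from one source against one account reached the
              threshold inside the sliding window.
    'high':   a successful logon for that account arrived from the same source
              while the failure count was still at or above the threshold.
    """
    failures = defaultdict(deque)  # (account, source) -> recent failure timestamps
    already_alerted = set()        # avoid re-alerting on every extra failure
    alerts = []
    for ts, event_id, account, src in events:
        key = (account.lower(), src)
        window = failures[key]
        # Expire failures that fell out of the sliding window.
        while window and ts - window[0] > WINDOW:
            window.popleft()
        threshold = ADMIN_THRESHOLD if key[0] in ADMIN_ACCOUNTS else USER_THRESHOLD
        if event_id == FAILED_LOGON:
            window.append(ts)
            if len(window) >= threshold and key not in already_alerted:
                already_alerted.add(key)
                alerts.append(("medium", account, src, len(window)))
        elif event_id == SUCCESSFUL_LOGON:
            if len(window) >= threshold:
                alerts.append(("high", account, src, len(window)))
            window.clear()  # a success resets the failure run for this pair
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_bruteforce(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for severity, account, src, count in run_sample():
        print(f"[{severity.upper()}] {count} failed logons for {account!r} from {src}")
```

On the sample data the script raises a medium alert when the fifth failure against `Administrator` arrives from 203.0.113.7 and a high alert when the success from the same source follows one second later; the two spread-out failures for `jdoe` never reach the threshold, and the later successful `jdoe` logon from a different address is not correlated with them. Keying on the account and source pair keeps a single noisy host from masking a distributed attempt against the same account, which would need an additional per-account counter.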

To gain essential security for every connected endpoint, enterprises can consider Seqrite Endpoint Security (EPS). It’s a simple and powerful platform that integrates advanced features like Anti-Ransomware, Advanced Device Control, Behavioral Detection System, and Data Loss Prevention (DLP) for easy usage. Powered by GoDeep.AI, EPS uses Seqrite’s behaviour-based detection technology to scan for and block ransomware threats while also backing up data in a secure location.
