Cybercriminals are constantly innovating to find new ways to deliver malware without being detected, and researchers have now discovered a tool that helps a range of ransomware families bypass security controls. Here’s what you need to know.
Palo Alto Networks researchers have conducted extensive analysis on a tool that is used to package up multiple ransomware families. According to the researchers:
“In our analysis, multiple malware samples stood out due to what seemed like obfuscated API calls coming from a dictionary of embedded terms to resolve system functions and hide their true capabilities from commonly used static analysis tools. Tampering with the API calls takes away the ability to classify based on key names, thus increasing the likelihood that the malware will go undetected.”
This is just one of the techniques the tool uses to hide the ransomware. So far, Palo Alto Networks has noted that it is being used to package Locky, TeslaCrypt and other malware families.
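As an added example that is not part of the original post or of the Palo Alto Networks research, the following hypothetical Python triage heuristic approaches the pattern in the quote from the defender's side: it compares the API names a sample actually imports with the Win32 API names that sit as plain strings in its body, since a thin import table next to an embedded dictionary of function names is what "resolving system functions from embedded terms" looks like to static analysis. The API list, thresholds and sample bytes are constructed assumptions.

```python
import re

# Hypothetical triage heuristic (not Palo Alto Networks' tooling). A sample whose
# import table holds little more than LoadLibrary/GetProcAddress, while Win32 API
# names sit in its data as an embedded dictionary, matches the pattern the
# researchers describe. If the dictionary is itself encoded, only the thin import
# table remains visible, so that alone is reported as a weaker signal.
SENSITIVE_APIS = {
    "CryptAcquireContextW", "CryptEncrypt", "CryptGenKey", "FindFirstFileW",
    "FindNextFileW", "CreateFileW", "WriteFile", "DeleteFileW", "MoveFileExW",
    "VirtualAlloc", "VirtualProtect", "CreateRemoteThread", "InternetOpenA",
    "HttpSendRequestA", "ShellExecuteW", "RegSetValueExW", "CreateProcessW",
}
RESOLVERS = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}

def embedded_strings(data, min_len=6):
    """Printable ASCII runs, the same output `strings` would give (ASCII only)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, data)}

def hidden_api_report(static_imports, data):
    """static_imports: API names a PE parser found in the sample's import table."""
    imports = set(static_imports)
    visible = embedded_strings(data) & SENSITIVE_APIS
    hidden = visible - imports            # names present as strings, never imported
    thin_table = bool(RESOLVERS & imports) and len(imports - RESOLVERS) <= 3
    if thin_table and len(hidden) >= 5:
        verdict = "strong"   # resolver-only imports plus a dictionary of API names
    elif thin_table:
        verdict = "weak"     # resolver-only imports; the dictionary may be encoded
    else:
        verdict = "none"
    return {"verdict": verdict, "hidden_api_names": sorted(hidden)}

# Constructed sample: a tiny import table and an API-name dictionary in the data.
SAMPLE_IMPORTS = {"LoadLibraryA", "GetProcAddress", "ExitProcess"}
SAMPLE_DATA = (b"\x00" * 16
               + b"CryptAcquireContextW\x00CryptEncrypt\x00CryptGenKey\x00"
               + b"FindFirstFileW\x00FindNextFileW\x00WriteFile\x00DeleteFileW\x00"
               + b"\xff" * 8)

if __name__ == "__main__":
    print(hidden_api_report(SAMPLE_IMPORTS, SAMPLE_DATA))
```

Real samples often store the dictionary as UTF-16LE or encoded text, so a production version would decode wide strings and treat a "weak" verdict as a prompt for dynamic analysis rather than a classification.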
You can read the detailed research notes from the Palo Alto Networks team over at the company’s blog.
[Via Palo Alto Networks blog]