Ransomware Now Uses New Techniques To Evade Detection

Cybercriminals constantly look for new ways to deliver malware without being detected, and it has been discovered that they now have a tool that helps a range of ransomware bypass security controls. Here’s what you need to know.


Palo Alto Networks researchers have conducted extensive analysis on a tool that is used to package up multiple ransomware families. According to the researchers:

“In our analysis, multiple malware samples stood out due to what seemed like obfuscated API calls coming from a dictionary of embedded terms to resolve system functions and hide their true capabilities from commonly used static analysis tools.
 
“Tampering with the API calls takes away the ability to classify based on key names, thus increasing the likelihood that the malware will go undetected.”

This is just one of the techniques the tool uses to hide the ransomware. So far, Palo Alto Networks has noted that the tool is being used with Locky, TeslaCrypt and other malware families.
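A defender-side illustration of the point in the quote above, added here as an example and not taken from Palo Alto Networks' research or from the tool itself: a static check keyed on literal API names finds nothing when those names exist only as fragments, while a check that tries to assemble watchlist names from the file's embedded terms does. It assumes the fragments sit in the file as plain, case-preserved strings; the function names, the watchlist and the sample bytes are constructed for illustration.

```python
import re

# Windows API names a name-based static classifier might key on (illustrative watchlist).
WATCHLIST = ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread",
             "CryptEncrypt"]

# Constructed sample: NUL-separated terms standing in for a packed file's string table.
SAMPLE = b"\x00".join([b"lantern", b"Virtual", b"harvest", b"Alloc", b"Memory",
                       b"Write", b"orchard", b"Process", b"Thread", b"Create",
                       b"Remote"])

def extract_strings(data, min_len=3):
    """Return the set of printable-ASCII runs, like the `strings` utility."""
    return {m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)}

def literal_hits(strings, watchlist=WATCHLIST):
    """Name-based classification: the API name appears verbatim in some string."""
    return sorted(n for n in watchlist if any(n in s for s in strings))

def segment(name, terms):
    """Split name into a sequence of embedded terms (word-break DP), or None."""
    best = {0: []}                      # prefix length -> terms that spell that prefix
    for end in range(1, len(name) + 1):
        for start in range(end):
            if start in best and name[start:end] in terms:
                best[end] = best[start] + [name[start:end]]
                break
    return best.get(len(name))

def fragment_hits(strings, watchlist=WATCHLIST):
    """API names absent as literals but fully assemblable from >= 2 embedded terms."""
    hits = {}
    for name in watchlist:
        if any(name in s for s in strings):
            continue                    # already caught by the literal check
        parts = segment(name, strings)
        if parts and len(parts) >= 2:
            hits[name] = parts
    return hits

if __name__ == "__main__":
    strings = extract_strings(SAMPLE)
    print("literal name matches:", literal_hits(strings))
    print("assemblable from embedded terms:", fragment_hits(strings))
```

Ordinary words can also combine into an API name by chance, so a hit from `fragment_hits` is a triage signal that a file deserves dynamic analysis, not a verdict on its own.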

You can read the detailed research notes from the Palo Alto Networks team over at the company’s blog.

[Via Palo Alto Networks blog]

