Ransomware Now Uses New Techniques To Evade Detection

Cybercriminals are constantly innovating to find new ways to deliver malware without being detected, and researchers have now identified a tool that helps a range of ransomware families bypass security controls. Here's what you need to know.


Palo Alto Networks researchers have conducted extensive analysis of a tool that is used to package multiple ransomware families. According to the researchers:

"In our analysis, multiple malware samples stood out due to what seemed like obfuscated API calls coming from a dictionary of embedded terms to resolve system functions and hide their true capabilities from commonly used static analysis tools.

"Tampering with the API calls takes away the ability to classify based on key names, thus increasing the likelihood that the malware will go undetected."

This is just one of the techniques the tool uses to hide the ransomware. So far, Palo Alto Networks has seen it used with the Locky, TeslaCrypt and other malware families.

You can read the detailed research notes from the Palo Alto Networks team over at the company's blog.

[Via Palo Alto Networks blog]


Comments

    Hey Panda, any news on whether or not anti-ransomware products are keeping ahead, or even working? I've been trialling "Malwarebytes Anti-Ransomware Beta" for a couple of months now and apart from treating my Office Word exe as a threat, I haven't seen anything that tells me that it's actually doing what it says on the box.

    In our analysis, multiple malware samples stood out due to what seemed like obfuscated API calls coming from a dictionary of embedded terms to resolve system functions and hide their true capabilities from commonly used static analysis tools.

    I'm sorry, I work in IT and I seriously have NFI what you just said.

    When you said "Here’s what you need to know.", I expected you would tell me something with actionable consequences. Instead you gave me what looks like a technical abstract from an even more technical scholarly article.

    Please try again using little words and recommendations of what we should do differently as a result of this research.

      I agree. This article tells me nothing useful.

      Spandas, if you want to be taken seriously you need to make more effort. How long did this article take you - 5 mins, 10 mins?
