Ransomware Campaign Alters Variants to Evade Detection

Status
Not open for further replies.
L

LabZero

Thread author
Content source
https://threatpost.com/ransomware-campaign-alters-variants-to-evade-detection/113690
A recently uncovered operation has been mutating versions of ransomware to better avoid getting detected.

As part of the campaign, which researchers from Cambridge-based Cybereason have dubbed Kofer, attackers are tweaking certain variables of ransomware like CryptoWall 3.0 and Crypt0L0cker to evade static signature or hash-based detection.

While the malware variants are different, researchers have deduced that they’re being altered by one, singular group.

More
 
  • Like
Reactions: jamescv7, JM Safe, Tony Cole and 1 other person
Solarquest

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
What are AV doing and what can they do to detect (proactively) these variants?
Are they using generic signatures? My inpression is most AV detect each sample by signature/hash after they got a sample or hope the BB detect it...only few have generic or good generic signatures/heuristic.....I might (hope to)be wrong...
 
Status
Not open for further replies.

Similar threads

Shadowra
    • +Reputation
    • Like
Malware News StopCrypt: Most widely distributed ransomware evolves to evade detection
Replies
3
Views
1,057
Security News
Victor M
Victor M
silversurfer
    • Like
    • +Reputation
Chinese hackers use new custom backdoor to evade detection
Replies
0
Views
629
News Archive
silversurfer
silversurfer
LASER_oneXM
    • Like
    • +Reputation
    • Wow
New Cactus ransomware encrypts itself to evade antivirus
Replies
0
Views
1,076
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top