State of Emergency
Failure to properly prepare against the ransomware resulted in a disaster in the City of New Orleans, which recently had to declare a state of emergency due to an attack. The same threat hit Maastricht University on December 23rd, encrypting almost all Windows systems. Now, security researchers reveal that the ransomware, known as Clop, has the ability to kill 663 Windows processes before it even starts encrypting Windows files.
The ransomware has come a long way since it originally emerged, back in March 2019, as a relatively simple variant of the CryptoMix ransomware family. While it was a nuisance, it was not considered to be anything special or particularly troubling. However, it wasn't long before hackers started tweaking and upgrading it, which led it to target entire networks instead of one device at a time. It quickly gained new abilities, such as disabling Windows Defender, removing Microsoft Security Essentials, and even Anti-Ransomware and Malwarebytes protections. According to researchers, the group responsible for it calls itself TA505, and it has ties to Russia.
#Ransomware recap: #Clop kills Windows 10 apps, #DeathRansom evolves into an actual ransomware, and #Maze combines theft and encryption. Learn about them here: https://t.co/fUW5NrEWAn
— Trend Micro Research (@TrendMicroRSRCH) January 7, 2020
Windows 10 Ransomware Can Kill 663 Apps Before Encrypting Files
Meanwhile, with Windows being the most commonly targeted OS, it wasn't long before hackers tweaked the malware, equipping it with new tools that allow it to target Windows apps and processes. As discovered in late 2019, the ransomware can now terminate around 663 processes. Even researchers behind Bleeping Computer, who were following its actions in November, are not sure why some of these processes are targeted.
For now, researchers suggest that the best way to fight the malware is to be prepared and not get infected in the first place. This comes down to preventing vulnerabilities, updating software, not downloading suspicious files, not opening suspicious or unknown emails, and the like.
https://t.co/34O6T6CU2p #BleepingComputer #Clop #Ransomware #malware $MSFT #Windows10 #WindowsDefender #Malwarebytes #bypass #MSE #threat #Security #INFOSEC #NETSEC #DATASEC #Cybersecurity #APPSEC
— The Boardtown Blast (@boardtownblast) November 22, 2019