Ransom-miner: The Multi-Purpose Cyberthreat

As incidents of ransomware and cryptocurrency-mining threats (cryptojacking) continue to increase in 2018, one cybercriminal group has combined the two to extract the maximum amount of money from enterprises. Recently, ransomware removal experts from Seqrite discovered a highly advanced Trojan that infects businesses with both ransomware and cryptocurrency-mining malware.

Dual Purpose

Some ransomware removal experts have named it ‘ransom-miner’, as it was flagged by high-quality anti-malware tools. According to them, this malware infects systems with the notorious GandCrab ransomware together with a mining component that lets the attackers mine the popular cryptocurrency Monero. While the computing resources of businesses and individuals are hogged, the mined Monero is sent to remote locations controlled by the attackers.

Additionally, the malware also attempts to contact Command and Control servers from within enterprise systems. Security analysts describe it as the latest cyberthreat in a calculated, coordinated campaign that targets businesses and individuals with a plethora of malicious strategies.

Working

Ransomware removal experts found the Trojan distinctive because of how complex and sophisticated its operation is. It is launched via a PE32 .exe file on Microsoft Windows, and its code is initially encrypted.

Once the infected file is loaded on the victim’s computer, the virus decrypts its code. The newly decrypted code then decompresses the embedded PE executable and modifies the memory of a system process. The PE file then takes control and kicks off the virus’s next activities.
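Because the loader’s code arrives encrypted and is only decrypted and decompressed in memory, a static triage step defenders commonly apply is to measure the entropy of each PE section: encrypted or compressed payloads score close to 8 bits per byte, while ordinary compiled code scores well below that. The script below is an added example, not Seqrite’s tooling or code from the sample itself. It parses the PE section table by hand and flags any section whose entropy exceeds an assumed threshold of 7.0 bits per byte; the two-section PE image it analyses is constructed inline (one plain section, one filled with hash output to stand in for an encrypted payload) so that it runs offline.

```python
"""Triage a PE file for encrypted/packed sections using per-section Shannon entropy.

Added example (not Seqrite's tooling). The PE image analysed here is constructed
inline: a DOS header, PE signature, COFF header and two section headers, with no
optional header, which is enough for the section-table walk below.
"""
import hashlib
import math
import struct

# Assumption: sections above this many bits/byte are treated as encrypted or compressed.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Returns a list of (name, raw_offset, raw_size). Raises ValueError for
    anything that is not a PE image or whose section data lies outside it.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of 'PE\0\0'
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]   # NumberOfSections
    opt_hdr_size = struct.unpack_from("<H", image, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_hdr_size                              # section table start
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                      # 40-byte section header
        if off + 40 > len(image):
            raise ValueError("section table truncated")
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)  # SizeOfRawData, PointerToRawData
        if raw_ptr + raw_size > len(image):
            raise ValueError(f"section {name!r} points outside the image")
        sections.append((name, raw_ptr, raw_size))
    return sections


def triage_pe(image: bytes):
    """Return one dict per section with its entropy and a packed/encrypted verdict."""
    report = []
    for name, ptr, size in parse_sections(image):
        ent = shannon_entropy(image[ptr:ptr + size])
        report.append({"name": name, "size": size, "entropy": round(ent, 2),
                       "packed": ent >= ENTROPY_THRESHOLD})
    return report


def _section_header(name: bytes, raw_ptr: int, raw_size: int) -> bytes:
    """Build a 40-byte IMAGE_SECTION_HEADER with only the fields the walk needs."""
    return struct.pack("<8sIIIIIIHHI", name, raw_size, 0x1000, raw_size, raw_ptr,
                       0, 0, 0, 0, 0x60000020)


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 image: one plain section, one encrypted-looking one."""
    text = b"\x90" * 4095 + b"\xC3"  # repetitive code-like bytes: very low entropy
    # 4096 bytes of SHA-256 output stand in for an encrypted payload: near 8 bits/byte.
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    headers_len = 0x40 + 4 + 20 + 2 * 40  # DOS header + signature + COFF + 2 section headers
    text_off, packed_off = headers_len, headers_len + len(text)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0, 0)    # i386, 2 sections, no opt header
    sections = (_section_header(b".text", text_off, len(text)) +
                _section_header(b".packed", packed_off, len(packed)))
    return dos + b"PE\0\0" + coff + sections + text + packed


if __name__ == "__main__":
    for row in triage_pe(build_sample_pe()):
        print(f"{row['name']:<8} {row['size']:>6} bytes  entropy={row['entropy']:.2f}  "
              f"packed={row['packed']}")
```

To use it on a real file, pass the file’s bytes to `triage_pe` instead of `build_sample_pe()`. Treat the verdict as a triage signal rather than proof: legitimately compressed resources also score high, and some packers pad sections to pull entropy below the threshold.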

It was also noted that the virus checks at least 16 processes on the system for any sign of a virtual environment such as VirtualBox, VMware or other virtualization platforms.