The Tricks Used By WastedLocker To Make It One Of The Most Dangerous Cyber Threats

[Palmer, Danny. “Ransomware: The tricks used by WastedLocker to make it one of the most dangerous cyber threats.” ZDNet, August 4, 2020]

“One of the most dangerous families of ransomware to emerge this year is finding success because it's been built to avoid anti-ransomware tools and other cybersecurity software, according to security company researchers who have analysed its workings.”

“The author of the WastedLocker ransomware constructed a sequence of manoeuvres meant to confuse and evade behavior-based anti-ransomware solutions, according to the report.”

“Many malware families use some code obfuscation techniques to hide malicious intent and avoid detection, but WastedLocker adds additional layers to this by interacting with Windows API functions from within the memory itself, where it's harder to be detected by security tools based on behavioural analysis.”

“WastedLocker uses a trick to make it harder for behavior based anti-ransomware solutions to keep track of what is going on, by using memory-mapped I/O to encrypt a file. This technique allows the ransomware to transparently encrypt cached documents in memory, without causing additional disk I/O, which can shield it from behavior-monitoring software.”
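The memory-mapped write path described above is one reason that monitors hooking the normal file-write APIs can miss the encryption. As an added example that is not from the ZDNet article or from RevBits, the Python script below watches a small set of constructed decoy files by hashing their contents and measuring the byte entropy of anything that changes, so a high-entropy rewrite is flagged whether it reached the file through a normal write or through a memory mapping. The decoy directory, the threshold of 7.0 bits per byte and the mmap-based overwrite used to exercise the monitor are all assumptions of this example.

```python
"""Decoy-file integrity and entropy monitor.

Added example (not code from the ZDNet article or from RevBits): a content-level
check that does not depend on which write path modified the file. Paths, the
decoy text and the entropy threshold are constructed for this demonstration.
"""
import hashlib
import math
import mmap
import os
import tempfile
from collections import Counter

# Assumed threshold: plain text and office documents sit well below this;
# ciphertext and random data approach 8.0 bits per byte.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def _sha256(path: str) -> str:
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def baseline(paths):
    """Record the known-good digest of every decoy file."""
    return {p: _sha256(p) for p in paths}


def scan(paths, base):
    """Return (path, entropy, suspicious) for each decoy whose content changed.

    The comparison is on bytes read back from disk, so a rewrite that reached
    the file through a memory mapping is seen exactly like a normal write.
    """
    alerts = []
    for p in paths:
        if _sha256(p) == base[p]:
            continue
        with open(p, "rb") as f:
            ent = shannon_entropy(f.read())
        alerts.append((p, ent, ent >= ENTROPY_THRESHOLD))
    return alerts


def overwrite_via_mmap(path: str, payload: bytes) -> None:
    """Test fixture: replace file content through a mapping, never calling write().

    Used only to show that the monitor above does not depend on the write path.
    """
    with open(path, "r+b") as f:
        with mmap.mmap(f.fileno(), 0) as m:
            if len(payload) > len(m):
                raise ValueError("payload larger than mapped file")
            m[: len(payload)] = payload
            m.flush()


def demo():
    """Create three constructed decoys, baseline them, rewrite one via mmap, rescan."""
    tmp = tempfile.mkdtemp(prefix="decoy-demo-")
    decoys = []
    for i in range(3):
        p = os.path.join(tmp, f"decoy_{i}.txt")
        with open(p, "wb") as f:
            f.write(b"quarterly report draft, do not distribute\n" * 100)
        decoys.append(p)
    base = baseline(decoys)
    untouched = scan(decoys, base)  # nothing changed yet, so no alerts
    # High-entropy content stands in for ciphertext; os.urandom is not a cipher.
    overwrite_via_mmap(decoys[1], os.urandom(os.path.getsize(decoys[1])))
    return untouched, scan(decoys, base)


if __name__ == "__main__":
    before, after = demo()
    print("alerts before:", before)
    for path, ent, flagged in after:
        print(f"{path}: entropy={ent:.2f} suspicious={flagged}")
```

Run the script as-is to see one alert for the decoy rewritten through the mapping and none for the others. In a deployment the decoys would be placed among real documents and rescanned on a short interval; the entropy check keeps ordinary edits (which stay low-entropy) from raising alerts, while the digest check catches any change regardless of how it was written.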

“Then, by the time the infection is detected it's too late – often the first sign is when the attackers have pulled the trigger on the ransomware attack and victims find themselves faced with a ransom note demanding millions of dollars.”

RevBits Thoughts:

The value of a successful ransomware attack is self-evident. Recent incidents, such as Garmin, demonstrate the realities of what companies are faced with when a successful ransomware attack occurs. A successful attack means either paying the requested ransom or absorbing enormous forensics and remediation costs.

Ransomware is not going away because the value of a successful attack is tremendous.

To increase the odds of a successful attack, malicious actors will continue to build ever more sophisticated ransomware that obfuscates its actions to evade detection. To beat sophisticated ransomware, organizations need to deploy sophisticated endpoint security.

RevBits Endpoint Security is designed to detect the most sophisticated ransomware, whether known or novel. Through the unique design of its behavioral analysis protocol, RevBits Endpoint Security continues to analyze new executables even if their activities are conducted in memory-mapped drives. Novel actions cannot be hidden from analysis simply by acting in a specific location or utilizing an approved operating process. All behavior is analyzed regardless of process location or operation, and actions determined to be malicious, such as encryption, are automatically blocked.

For instance, if ransomware is designed to use Microsoft's EFS operation to conduct encryption, then most endpoint security products will not block the action because it is an approved operation of the onboard OS. RevBits Endpoint Security disregards the use of an authentic and approved process by a new executable: the subsequent behavior is still analyzed and, if determined malicious, the action is detected, blocked and reported.

RevBits Endpoint Security delivers expanding value to an enterprise by continuing to protect regardless of how novel the ransomware is. The solution never requires updates based on reported threat research, nor new signatures added to its analysis engine, to detect novel ransomware. Obfuscation can never be an effective countermeasure for ransomware because its complete behavior is always analyzed.
