The Tricks Used By WastedLocker To Make It One Of The Most Dangerous Cyber Threats

[Palmer, Danny. “Ransomware: The tricks used by WastedLocker to make it one of the most dangerous cyber threats.” ZDNet, August 4, 2020]

“One of the most dangerous families of ransomware to emerge this year is finding success because it's been built to avoid anti-ransomware tools and other cybersecurity software, according to security company researchers who have analysed its workings.”

“The author of the WastedLocker ransomware constructed a sequence of manoeuvres meant to confuse and evade behavior-based anti-ransomware solutions, according to the report.”

“Many malware families use some code obfuscation techniques to hide malicious intent and avoid detection, but WastedLocker adds additional layers to this by interacting with Windows API functions from within the memory itself, where it's harder to be detected by security tools based on behavioural analysis.”

“WastedLocker uses a trick to make it harder for behavior-based anti-ransomware solutions to keep track of what is going on, by using memory-mapped I/O to encrypt a file. This technique allows the ransomware to transparently encrypt cached documents in memory, without causing additional disk I/O, which can shield it from behavior-monitoring software.”

“Then, by the time the infection is detected it's too late – often the first sign is when the attackers have pulled the trigger on the ransomware attack and victims find themselves faced with a ransom note demanding millions of dollars.”
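To make the memory-mapped I/O trick quoted above concrete, here is an added example. It is not code from the ZDNet article, from the researchers it quotes, or from WastedLocker itself. The script overwrites a constructed sample document through a writable memory map, so the process never issues an explicit write() call, and then applies a content-based check that notices the change anyway by measuring the file's byte entropy before and after. The SHAKE-256 keystream, the sample text, the 7.0-bit entropy threshold and the 2.0-bit jump are illustrative assumptions, not values taken from the malware or from any product.

```python
import hashlib
import math
import mmap
import os
import tempfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream from the SHAKE-256 XOF. Illustrative only: a real cipher
    would also need a nonce and authentication. This is not WastedLocker's code."""
    return hashlib.shake_256(key).digest(length)


def xor_in_place_via_mmap(path: str, key: bytes) -> int:
    """Transform the file's bytes through a writable memory map.

    No write()/WriteFile call is made by this function. The modified pages sit
    in the OS page cache and are written back by the kernel; flush() forces
    that write-back so the change is visible on disk immediately. Applying the
    same key twice restores the original contents (XOR is an involution).
    Returns the number of bytes transformed.
    """
    size = os.path.getsize(path)
    if size == 0:  # mmap cannot map an empty file
        return 0
    ks = keystream(key, size)
    with open(path, "r+b") as fh:
        with mmap.mmap(fh.fileno(), size, access=mmap.ACCESS_WRITE) as mm:
            mm[:] = bytes(a ^ b for a, b in zip(mm[:], ks))
            mm.flush()
    return size


def flags_as_encryption(before: bytes, after: bytes,
                        threshold: float = 7.0, min_jump: float = 2.0) -> bool:
    """Content-based check that does not care which I/O path changed the file:
    flag when a previously structured (low-entropy) file becomes near-random.
    The thresholds are assumed values for this example, not product settings."""
    e_before = shannon_entropy(before)
    e_after = shannon_entropy(after)
    return e_after >= threshold and (e_after - e_before) >= min_jump


def demo() -> dict:
    """Run the scenario on a constructed sample document in a temporary file."""
    # Constructed sample input: a plain-text report, not a real document.
    sample = b"Quarterly report: revenue up 4%, costs flat, outlook stable.\n" * 80
    with tempfile.NamedTemporaryFile(delete=False, suffix=".txt") as tmp:
        tmp.write(sample)
        path = tmp.name
    try:
        with open(path, "rb") as fh:
            before = fh.read()
        transformed = xor_in_place_via_mmap(path, b"example-key")
        with open(path, "rb") as fh:
            after = fh.read()
        xor_in_place_via_mmap(path, b"example-key")  # second pass restores the file
        with open(path, "rb") as fh:
            restored = fh.read()
    finally:
        os.unlink(path)
    return {
        "bytes_transformed": transformed,
        "before_entropy": round(shannon_entropy(before), 2),
        "after_entropy": round(shannon_entropy(after), 2),
        "flagged": flags_as_encryption(before, after),
        "round_trip_ok": restored == sample,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The detection-engineering point: a monitor that counts write()/WriteFile calls per process sees nothing here, because the dirty pages are written back by the kernel's cache manager rather than by the process. A check keyed on what the file now contains, such as the entropy jump above, or on the creation of writable file mappings over user documents, is indifferent to which I/O path changed the bytes.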

RevBits Thoughts:

The value of a successful ransomware attack is self-evident. Recent incidents, such as the Garmin attack, show what companies face when ransomware succeeds: either pay the requested ransom or absorb enormous forensics and remediation costs.

Ransomware is not going away because the value of a successful attack is tremendous.

To increase the odds of success, malicious actors will continue to build ever more sophisticated ransomware that obfuscates its actions to evade detection. Beating sophisticated ransomware requires equally sophisticated endpoint security.

RevBits Endpoint Security is designed to detect the most sophisticated ransomware, whether known or novel. Because of the design of its behavioral analysis engine, it continues to analyze new executables even when their file activity goes through memory-mapped I/O rather than ordinary write calls. Novel actions cannot be hidden from analysis simply by operating from a particular location or through an approved operating-system process: all behavior is analyzed regardless of where the process lives or which operation it invokes, and actions determined to be malicious, such as encryption, are automatically blocked.

For instance, if ransomware is designed to perform its encryption through Windows EFS (the Encrypting File System), most endpoint security products will not block the action because it is a legitimate, built-in operating-system operation. RevBits Endpoint Security does not treat a new executable's use of an authentic, approved OS facility as a free pass: the subsequent behavior is analyzed and, if determined malicious, the action is detected, blocked and reported.

RevBits Endpoint Security delivers growing value to an enterprise by continuing to protect against ransomware however novel it is. The solution never requires updates driven by published threat research, nor new signatures added to its analysis engine, to detect novel ransomware. Obfuscation cannot serve as an effective countermeasure, because the complete behavior is always analyzed.
