Security issues and hacking attempts have long been part of the world of PCs and laptops, and Microsoft has tried to make Windows more secure with each version so that such issues become less frequent. However, new issues keep emerging and threaten the security of Windows users, and we now have a new report from the company. Microsoft has issued a warning about a new type of ransomware attack that has been observed in countries such as India, Iran and even the US.
For those unfamiliar with ransomware, it is a type of attack in which your files remain on your PC but the system is locked, and the unlocking key is handed over only once you pay the ransom, which is extraordinarily high in most cases. As a result, the majority of people prefer to let hackers destroy all the data rather than pay the ransom. But hackers also target only those whose data might be more important than the money.
Microsoft’s latest warning concerns the PonyFinal ransomware attack, which has been observed in many parts of the world, including India, Iran and the US. The company explains how the attackers operate: the PonyFinal gang deploys a Visual Basic script that runs a PowerShell reverse shell to dump and steal local data. In addition, the ransomware operators also deploy “a remote manipulator system to bypass event logging.”
The modus operandi is that they first infect a single system and then infect other systems from that first one. The actual PonyFinal ransomware is then deployed to the rest of the systems. Microsoft also reveals that systems with the Java Runtime Environment are more at risk, since PonyFinal is written in Java.