Disk wiping malware has the powerfulness to cripple whatsoever arrangement past times permanently wiping out information from all difficult drive in addition to external storage on a targeted machine, causing corking fiscal in addition to reputational damage.
Security researchers from Moscow-based antivirus provider Kaspersky Lab discovered the novel wiper StoneDrill while researching terminal November's re-emergence of Shamoon malware (Shamoon 2.0) attacks – 2 attacks occurred inwards Nov in addition to i inwards belatedly January.
Shamoon 2.0 is the to a greater extent than advanced version of Shamoon malware that reportedly striking fifteen authorities agencies in addition to organizations across the world, wipes information in addition to takes command of the computer’s kick record, preventing the computers from existence turned dorsum on.
Meanwhile, Kaspersky researchers institute that the newly discovered StoneDrill wiper malware was built inwards a similar "style" to Shamoon 2.0, merely did non part the exact same code base.
"The uncovering of the StoneDrill wiper inwards Europe is a important sign that the grouping is expanding its destructive attacks exterior the Middle East," Kaspersky researchers tell inwards a blog post. "The target for the assault appears to locomote a large firm amongst a broad expanse of action inwards the petrochemical sector, amongst no apparent connective or involvement inwards Saudi Arabia."Researchers likewise noticed that the samples of Shamoon 2.0 in addition to StoneDrill were likewise uploaded multiple times to online multi-scanner antivirus engines from Kingdom of Saudi Arabia terminal November.
Here's How StoneDrill Malware Works:
Once infected, StoneDrill automatically generates a custom wiper malware module without connecting to whatsoever command-and-control server, rendering the infected machines completely inoperable.
StoneDrill wiper malware likewise includes the next characteristics:
New Evasion Techniques
StoneDrill features an impressive powerfulness to evade detection in addition to avoid sandbox execution. Unlike Shamoon, StoneDrill doesn't brand occupation of disk drivers during installation.Instead, StoneDrill relies on retention injection of the information wiping module into the victim's preferred browser.
StoneDrill likewise makes occupation of Visual Basic Scripts to run self-delete scripts, piece Shamoon did non occupation whatsoever external scripts.
Backdoor Ability
Like Shamoon, StoneDrill likewise includes backdoor functions that are used for espionage operations, amongst screenshot in addition to upload capabilities.Kaspersky researchers identified at to the lowest degree 4 command-and-control (C&C) servers that the attackers used to spy on in addition to bag information from an unknown seat out of targets.
Furthermore, StoneDrill uses command in addition to command communications to interact amongst the malware instead of using a "kill time" every bit inwards the Shamoon attacks analyzed inwards Jan 2017 that exercise non implement whatsoever C&C communication.
Ransomware Component
Besides wiping functionality, the novel malware likewise includes a ransomware component.
However, this characteristic is currently inactive merely attackers tin occupation leverage this component division of the platform inwards futurity attacks to concur victims hostage for fiscal or idealistic gain.
Like Shamoon 2.0, StoneDrill was reportedly compiled inwards Oct in addition to Nov 2016.
Although StoneDrill by in addition to large targets organizations inwards Saudi Arabia, Kaspersky researchers discovered the malware victims inwards Europe every bit well, pregnant that the attackers mightiness locomote widening their campaign.
For to a greater extent than technical details nearly the StoneDrill in addition to Shamoon 2.0 attacks, you lot tin caput on to Kaspersky's official blog.
Share This :
reat Article
ReplyDeleteCyber Security Projects
projects for cse
Networking Projects
JavaScript Training in Chennai
JavaScript Training in Chennai