Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

The Hottest Malware Hits of the Summer 2019

September 11, 2019 by Numneung Koedkietpong 1 Comment

This article summarizes the popular malware hits during July and August 2019. These malware hits use several advanced techniques, such as changing hashes via file obfuscation to evade AVs, using encrypted communication with C2 servers to foil EDRs, and using feature manipulation and tampering to trick AI, machine-learning engines, and sandboxes. The following malware and ransomware attacks are listed:
– Fileless Attacks and Living-Off-The-Land (LOTL)
– (Jack-in-the-box)2
– Astaroth Malware
– Sodinokibi Exploits
– GermanWiper Ransomware
– MegaCortex Ransomware
– Silence APT Spreads Malware
– Turla Attacks

Source: https://thehackernews.com/2019/09/its-been-summer-of-ransomware-hold-ups.html

Filed Under: Uncategorized, Week 03: Reconnaissance

Comments

  1. Jaimin Pandya says

    September 13, 2019 at 9:34 am

    The flow chart in the article did a pretty cool job explaining how it works. The deadliest of them, I think, is the GermanWiper one, which doesn’t encrypt anything but ends up overwriting all the content with zeroes and then eventually destroying the data. I read about this one last month; it had been wreaking havoc in Germany. From what I remember, one of the articles had mentioned that if the users don’t have “offline backups” then the data is destroyed. Think about this – also how many companies now do offline backups, especially when cloud backup is taking over all of it.

    It all starts with emails. According to ZDNet: “These emails claim to be job applications from a person named ‘Lena Kretschmer.’ A CV is attached as a ZIP file to these emails, and contains a LNK shortcut file. The LNK file is boobytrapped and will install the GermanWiper ransomware.

    When users run this file, the ransomware will rewrite the content of various local files with the 0x00 (zero character), and append a new extension to all files. This extension has a format of five random alpha-numerical characters, such as .08kJA, .AVco3, .OQn1B, .rjzR8, etc.

    After it “encrypts” all targeted files, GermanWiper will open the ransom note (an HTML file) inside the user’s default browser.”

    Article link: https://www.zdnet.com/article/germanwiper-ransomware-hits-germany-hard-destroys-files-asks-for-ransom/

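The two behaviours quoted above (contents rewritten with 0x00, a five-character random extension appended) give an incident responder two cheap, independent signals for triaging a suspected GermanWiper outbreak. The script below is an added illustration, not code from the post or from the ZDNet article it quotes; it walks a directory, flags files that show both signals, and runs against a constructed sample tree. The function names and the sample file names are assumptions for the demo.

```python
import re
import tempfile
from pathlib import Path

# Extension of exactly five alphanumeric characters, as described for GermanWiper
# (e.g. .08kJA, .AVco3). On its own this is noisy (.jsonl, .xlsx-style names can
# match), so it is only treated as a hit together with the zero-filled payload.
WIPER_EXT = re.compile(r"\.[A-Za-z0-9]{5}$")
CHUNK = 1 << 16  # read 64 KiB at a time so large files need not fit in memory


def is_zero_filled(path: Path) -> bool:
    """True if the file is non-empty and every byte is 0x00."""
    if path.stat().st_size == 0:
        return False
    with path.open("rb") as fh:
        while chunk := fh.read(CHUNK):
            if chunk.count(0) != len(chunk):
                return False
    return True


def find_wiped_files(root) -> list:
    """Return files under root that show both wiper signals (extension + zero content)."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and WIPER_EXT.search(path.name) and is_zero_filled(path):
            hits.append(path)
    return sorted(hits)


def demo() -> list:
    """Constructed sample tree (hypothetical): two wiped files, one intact file,
    and one zero-filled file with an ordinary extension that must not be flagged."""
    root = Path(tempfile.mkdtemp())
    (root / "invoice.docx.08kJA").write_bytes(b"\x00" * 4096)
    (root / "photo.jpg.AVco3").write_bytes(b"\x00" * 10)
    (root / "notes.txt").write_bytes(b"quarterly numbers")
    (root / "sparse.bin").write_bytes(b"\x00" * 100)  # zeros, but no wiper extension
    return [p.name for p in find_wiped_files(root)]


if __name__ == "__main__":
    for name in demo():
        print("wiped:", name)
```

A high count of hits is also the practical answer to the comment's point about backups: a file that is all zeros cannot be recovered by any decryptor, only restored from a copy the malware could not reach.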