Microsoft Warns Of PonyFinal Ransomware Attacks Active In The Wild

javajolt


Microsoft alerted all its users to stay vigilant with regard to PonyFinal ransomware attacks. Since the ransomware attacks are active in the wild, Microsoft has urged users to pay attention to its deployment.

PonyFinal Ransomware Attacks

In a series of tweets, Microsoft Security Intelligence has shared details about new ransomware.

Dubbed PonyFinal, this ransomware is somewhat different in that it is based on Java.

As explained by Microsoft, the attackers gain access to the target firm’s system via brute force. They then deploy components to execute the attack. As stated,



However, Microsoft suggested that the attackers may also target endpoints with a pre-installed JRE by using stolen details.

Finally, an MSI file delivers the payload ransomware.



Another distinction of this ransomware is that it has human operators behind it. This means the attackers deploy the ransomware deliberately after breaching the target networks.



The following image depicts a PonyFinal ransomware attack scenario.



Upon breaching the target network, the attackers do not start taking over the system randomly. Rather, they wait for the right time and then encrypt files at a specified time. The ransomware then adds a .enc extension to the file names and places a ransom note in a text file.

Active Attacks Detected In The Wild



Therefore, all organizations must double-check the security status of their IT infrastructure to prevent any mishaps.

source
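
A detection sketch for the file behaviour described above (many files gaining a .enc suffix at one time, plus a text-file note), added here as an example and not taken from the post or from Microsoft. The event format, threshold, time window, host names and file names are all assumptions made for illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-system audit events (not real telemetry):
# time|host|action|old_path|new_path
SAMPLE_EVENTS = r"""
2020-05-28T02:00:01|FS01|rename|D:\share\q1.xlsx|D:\share\q1.xlsx.enc
2020-05-28T02:00:02|FS01|rename|D:\share\plan.docx|D:\share\plan.docx.enc
2020-05-28T02:00:02|FS01|rename|D:\share\logo.png|D:\share\logo.png.enc
2020-05-28T02:00:03|FS01|create||D:\share\note_constructed.txt
2020-05-28T02:00:04|FS01|rename|D:\share\db.bak|D:\share\db.bak.enc
2020-05-28T09:15:00|WS07|rename|C:\work\draft.txt|C:\work\final.txt
2020-05-28T09:20:00|WS07|create||C:\work\backup.enc
""".strip().splitlines()

def find_enc_bursts(lines, threshold=4, window=timedelta(seconds=60)):
    """Flag (host, directory) pairs where many files gain a .enc suffix in one window."""
    renames = defaultdict(list)  # (host, dir) -> times a file became <name>.enc
    notes = defaultdict(list)    # (host, dir) -> times a .txt file was created
    for line in lines:
        ts, host, action, old, new = line.split("|")
        when = datetime.fromisoformat(ts)
        key = (host, ntpath.dirname(new).lower())
        # Only count renames that append ".enc" to the unchanged original name.
        if action == "rename" and new.lower() == old.lower() + ".enc":
            renames[key].append(when)
        elif action == "create" and new.lower().endswith(".txt"):
            notes[key].append(when)
    findings = []
    for key, times in renames.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # A .txt created in the same directory around the burst raises confidence.
            note = any(times[0] - window <= n <= times[-1] + window
                       for n in notes.get(key, []))
            findings.append({"host": key[0], "dir": key[1],
                             "files": best, "txt_note": note})
    return findings

if __name__ == "__main__":
    for finding in find_enc_bursts(SAMPLE_EVENTS):
        print(finding)
```
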