Microsoft's security team has revealed new ransomware that is used in attacks on people. It uses "violent force" against the server managing the target company's systems, and in the face of the crisis, COVID-19 is targeted mainly at the healthcare sector.
According to a series of tweets published by the technological giant on May 27th, a man-made "PonyFinal" attack requires hackers to break the corporate network security system in order to manually implement ransomware software.
This means that PonyFinal does not involve screwing in users to launch a load via phishing links or emails.
Based on Java, PonyFinal implements the Java Runtime Environment, or JRE. Evidence found by Microsoft shows that attackers use information stolen from the system management server to attack endpoints where the JRE is already installed.
The report also states that the ransom is delivered via an MSI file, which contains two batch files, including a load that will be activated by the attacker.
Phillip Misner, Director of Research at Microsoft Threat Protection, explains that there are other manned ransomware campaigns such as Bitpaymer, Ryuk, Revil and Samas. PonyFinal was first detected in early April.
The ransom attacks are still being carried out in various parts of the world in the middle of the COVID-19 crisis, many of which are targeted at healthcare companies.
