The new Sorebrect ransomware injects malicious code into legitimate processes

18 June 2017, 22:55 | Technologies

With each passing day, attackers become more inventive and develop new, stealthier attack techniques. A striking example is the new Sorebrect family of fileless ransomware, recently discovered by Trend Micro.

Unlike other crypto-ransomware, Sorebrect is aimed at corporate systems. The program injects the malicious code that starts the encryption routine into a legitimate system process (svchost.exe) on the target computer, and then deletes itself to avoid detection.

Sorebrect obtains administrative credentials by brute force or other techniques and uses Microsoft Sysinternals PsExec (a command-line utility) to run the encryption on remote machines. As the researchers explain, PsExec lets attackers execute commands on a remote computer without an interactive logon and without manually copying the malware to it.

The ransomware also scans the local network for computers with shared folders. Sorebrect then clears all entries in the event logs (using wevtutil.exe) and deletes the shadow copies of files on the infected computer. Like other malware, Sorebrect uses Tor to communicate securely with its command-and-control server.
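The two preceding paragraphs describe behaviours a defender can look for in Windows telemetry: a PsExec service being installed (System event 7045 with the PSEXESVC service), a remote thread created in svchost.exe (Sysmon event 8), a wevtutil log-clearing command in process creation events (Security 4688 or Sysmon 1), the resulting "log cleared" events (Security 1102, System 104), and shadow-copy deletion. The following Python sketch is an added example, not code from Trend Micro or InternetUA. The event records are constructed to mimic those event fields; the shadow-copy command patterns (vssadmin, wmic) are an assumption, since the article does not name the command Sorebrect uses.

```python
"""Detection sketch for the Sorebrect behaviours described in the article.

Added example (not Trend Micro's or InternetUA's code). Events are
constructed dicts that mimic Windows Security, System and Sysmon fields;
a real deployment would read them from a SIEM or log forwarder instead.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    event_id: int
    detail: str


# "wevtutil cl <log>" (or "clear-log") wipes an event log, as the article notes.
LOG_CLEAR_RE = re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b", re.IGNORECASE)
# Assumption: the article only says shadow copies are deleted; these are the
# usual commands ransomware families use for that, so they are matched here.
SHADOW_DEL_RE = re.compile(
    r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b|\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b",
    re.IGNORECASE,
)


def check_event(ev: Dict[str, object]) -> Optional[Alert]:
    """Return an Alert if a single event matches one of the Sorebrect indicators."""
    chan, eid, host = ev["channel"], ev["event_id"], ev["host"]
    data = ev.get("data", {})
    # Security 1102 / System 104 are the events Windows writes after a log is cleared.
    if (chan, eid) in {("Security", 1102), ("System", 104)}:
        return Alert("event_log_cleared", host, eid, f"{chan} log cleared")
    # System 7045: a service was installed; PsExec registers PSEXESVC on the target.
    if chan == "System" and eid == 7045:
        svc = f"{data.get('ServiceName', '')} {data.get('ImagePath', '')}"
        if "psexesvc" in svc.lower():
            return Alert("psexec_service_installed", host, eid, svc.strip())
        return None
    # Process creation: Security 4688 or Sysmon 1 carry the command line.
    if (chan, eid) in {("Security", 4688), ("Sysmon", 1)}:
        cmd = str(data.get("CommandLine", ""))
        if LOG_CLEAR_RE.search(cmd):
            return Alert("wevtutil_log_clear", host, eid, cmd)
        if SHADOW_DEL_RE.search(cmd):
            return Alert("shadow_copy_deletion", host, eid, cmd)
        return None
    # Sysmon 8: CreateRemoteThread; a thread injected into svchost.exe is the
    # injection step the article describes.
    if chan == "Sysmon" and eid == 8:
        target = str(data.get("TargetImage", ""))
        if target.lower().endswith("\\svchost.exe"):
            src = data.get("SourceImage", "")
            return Alert("remote_thread_into_svchost", host, eid, f"{src} -> {target}")
    return None


def scan(events: Iterable[Dict[str, object]]) -> List[Alert]:
    """Run every event through the rules and collect the hits."""
    return [a for a in (check_event(e) for e in events) if a is not None]


def flagged_hosts(alerts: Iterable[Alert], min_rules: int = 3) -> Set[str]:
    """Hosts on which at least `min_rules` distinct rules fired; a single hit
    (e.g. an admin running PsExec) is noise, a chain of them is not."""
    rules_by_host = defaultdict(set)
    for a in alerts:
        rules_by_host[a.host].add(a.rule)
    return {h for h, rules in rules_by_host.items() if len(rules) >= min_rules}


# Constructed sample events: WS01 shows the full chain, WS02 is benign activity.
SAMPLE_EVENTS = [
    {"channel": "System", "event_id": 7045, "host": "WS01",
     "data": {"ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"}},
    {"channel": "Sysmon", "event_id": 8, "host": "WS01",
     "data": {"SourceImage": r"C:\Users\Public\update.exe",
              "TargetImage": r"C:\Windows\System32\svchost.exe"}},
    {"channel": "Sysmon", "event_id": 1, "host": "WS01",
     "data": {"CommandLine": "wevtutil.exe cl System"}},
    {"channel": "Security", "event_id": 1102, "host": "WS01", "data": {}},
    {"channel": "Sysmon", "event_id": 1, "host": "WS01",
     "data": {"CommandLine": "vssadmin.exe delete shadows /all /quiet"}},
    {"channel": "Sysmon", "event_id": 1, "host": "WS02",
     "data": {"CommandLine": r"notepad.exe C:\notes.txt"}},
    {"channel": "System", "event_id": 7045, "host": "WS02",
     "data": {"ServiceName": "Spooler", "ImagePath": r"C:\Windows\System32\spoolsv.exe"}},
]

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for a in hits:
        print(f"[{a.rule}] host={a.host} event={a.event_id}: {a.detail}")
    print("hosts needing triage:", sorted(flagged_hosts(hits)))
```

Each rule on its own is only an indicator (administrators also run PsExec and clear logs), so `flagged_hosts` correlates by host and only escalates when several distinct steps of the chain appear together.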

According to the experts, Sorebrect is designed to attack enterprise systems in various sectors, including manufacturing, technology and telecommunications. Until recently, the main targets were organizations in the Middle East, particularly Kuwait and Lebanon, but since May of this year the experts have recorded attacks on users in Canada, China, Croatia, Italy, Japan, Russia, Mexico, Taiwan and the United States.



Ransomware - a type of malicious software that blocks access to a computer and demands payment to restore it. The ransom amount and the pretext given for the lock depend on the specific malware.

The wevtutil.exe utility, a standard system component since Windows 7, is designed to list the event logs, manage their configuration, list event sources, install or remove publishers and event logs from a manifest, retrieve log status information, and clear, archive and export the system logs.



