LTS Secure Warning: Taking A Look At VHD Ransomware

Targeted ransomware attacks against enterprises have been on the rise in the recent years due to the financial gains they can bring. Recently, security researchers have identified such targeted ransomware attacks, using a new strain of ransomware, dubbed “VHD”.

Technical Details

The analysis of the ransomware determined that it is written in C++, encrypts files (uses AES-256 in ECB & RSA-2048) on all connected disks and deletes any folder called “System Volume Information”. To further ensure that, important files don’t get locked, the program stops processes such as:

• Microsoft Exchange
• SQL Server

The program also has a mechanism in place to resume its operations, in case the encryption process is interrupted, due to any reason. The included spreading utility, ensure that the ransomware propagates to other systems inside the network.

Impact

• Downtime in Business Critical operations.
• Permanent loss of Sensitive/Confidential data.
• Operational and financial loss to the Business/Individual.

Recommended Actions

• Create a solid backup strategy
• Avoid Opening emails & attachments from unknown senders.
• Ensure that your devices are always up-to-date with the latest patches released.
• Regularly update your antivirus software & perform malware scans to protect against unknown threats.
• Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.