• A lone-wolf researcher has turned the table on the hackers

    From TechnologyDaily@1337:1/100 to All on Wed May 4 13:45:03 2022

    Date:
    Wed, 04 May 2022 12:32:52 +0000

    Description:
    There's a way to prevent ransomware from encrypting files on an infected endpoint.

    FULL STORY ======================================================================

    A researcher going by the name hyp3rlinx has discovered that some of the most popular ransomware strains, such as Conti, REvil and LockBit, among many others, carry a flaw that makes them vulnerable to DLL hijacking.

    By exploiting the flaw, the researcher was able to prevent the ransomware from delivering on its key selling proposition: encrypting files.

    As reported by BleepingComputer, DLL hijacking is usually used to inject malicious code into legitimate applications. For these ransomware strains, however, the researcher created a proof of concept and recorded a demo video showcasing how it's done.

    DLL hijacking

    DLL hijacking exploits how apps search for and load Dynamic Link Library (DLL) files. A program that does not have enough checks can load a DLL from a path outside its directory, essentially elevating privileges and allowing for arbitrary code execution.

    In this case, the researcher wrote custom code and compiled it into a DLL with a name familiar to the ransomware. It is also important, the researcher stresses, that the DLL is placed in a location where ransomware operators usually place and run their malware, such as a network location with key data.

    That would kill the ransomware at its inception.

    What makes this method even more deadly is the fact that it can't be classified as a security solution, and as such, cannot be bypassed in the way ransomware strains usually bypass antivirus and other cybersecurity solutions.

    The big question is - how long will this mitigation measure last? Ransomware operators often update and upgrade their products, and if this is a newly discovered flaw, it's probably only a matter of time before it gets patched up.

    Unfortunately, ransomware operators are quite fast and diligent, and we can expect the hole to be plugged sooner, rather than later.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/a-lone-wolf-researcher-has-turned-the-table-on-the-hackers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)