Saturday, May 4, 2024

PonyFinal- Ransomware Attack Manually to the Organization

Recently, Microsoft's security team issued a warning to organizations around the world to put all the necessary protections in place against PonyFinal, a variety of ransomware that has been around for the last two months. It is Java-based ransomware that attacks enterprise network servers to lock sensitive data.

Microsoft Security has announced that PonyFinal is a new variety of ransomware, and that it is not an automated threat but manually controlled ransomware.

In summary, these are human-operated ransomware attacks: the attackers break into corporate networks and deploy the ransomware themselves.

[Image. Source: Microsoft]

Microsoft's tweet said: "PonyFinal is Java-based ransomware that is deployed in human-operated ransomware attacks. While Java-based ransomware is not unheard of, they're not as common as other threat file types."

Microsoft also told organizations to find the mode of transmission for PonyFinal. Many organizations mentioned earlier that they were under attack by the PonyFinal ransomware.

How Does PonyFinal Function?

First, the attackers look for the easiest way to reach the target. They find a way to reach the organization's management system server, where they take advantage of weak passwords, possibly through a brute-force attack, to get into the organization. After that, they execute the ransomware on the server.

PonyFinal can encrypt the files on any server. The original file names stay the same, but the file extension is changed and each file is saved as ".enc". The only way to decrypt the files is to use the original encryption key, and that is what the attackers rely on to make a manual ransomware attack succeed.

The attackers do not stop there: they leave a note in "readme_files.txt" on the server that describes the instructions and the payment methods for getting the original key.
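As an added example (not from Microsoft or from the original post), here is one way a defender could turn the two file-level indicators described above, the ".enc" extension and the "readme_files.txt" note, into a check over file-activity records. The log line format, host names, paths, time window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

NOTE_NAME = "readme_files.txt"  # ransom note name reported on this page
ENC_EXT = ".enc"                # extension the page says encrypted files receive
WINDOW = timedelta(minutes=5)   # assumed tuning value
THRESHOLD = 3                   # assumed; kept low to suit the small sample

# Constructed sample events (hypothetical format): time host action path
SAMPLE = r"""
2020-05-27T02:14:01 srv01 rename D:\share\finance\q1.xlsx.enc
2020-05-27T02:14:02 srv01 rename D:\share\finance\q2.xlsx.enc
2020-05-27T02:14:04 srv01 rename D:\share\hr\staff list.docx.enc
2020-05-27T02:15:30 srv01 create D:\share\readme_files.txt
2020-05-27T03:00:00 srv02 create E:\backup\nightly.tar.enc
2020-05-28T03:00:00 srv02 create E:\backup\nightly.tar.enc
2020-05-27T09:00:00 srv03 create C:\tmp\a.enc
2020-05-27T09:00:01 srv03 create C:\tmp\b.enc
2020-05-27T09:00:02 srv03 create C:\tmp\c.enc
"""

def parse(text):
    """Yield (timestamp, host, action, path) from the sample line format."""
    for line in text.strip().splitlines():
        ts, host, action, path = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), host, action, path

def max_burst(times, window):
    """Largest number of timestamps that fall inside any single window."""
    times = sorted(times)
    return max(sum(1 for u in times[i:] if u - t <= window)
               for i, t in enumerate(times))

def detect(events, threshold=THRESHOLD, window=WINDOW):
    """Map host -> 'high' (burst and note) or 'review' (only one signal)."""
    enc_times, note_hosts = defaultdict(list), set()
    for ts, host, action, path in events:
        if action not in ("create", "rename"):
            continue
        name = ntpath.basename(path).lower()  # Windows names are case-insensitive
        if name == NOTE_NAME:
            note_hosts.add(host)
        elif name.endswith(ENC_EXT):
            enc_times[host].append(ts)
    burst_hosts = {h for h, t in enc_times.items()
                   if max_burst(t, window) >= threshold}
    return {h: "high" if h in burst_hosts and h in note_hosts else "review"
            for h in burst_hosts | note_hosts}
```

On the sample, `detect(parse(SAMPLE))` rates srv01 as "high" (burst plus note), srv03 as "review" (burst only), and ignores srv02, whose ".enc" files are written a day apart.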

[Image. Source: Microsoft]

According to the Microsoft team, the trojan is downloaded manually by the attackers. They generally choose larger organizations, obtain a password, gain access to the PowerShell command interface, and then extract sensitive information about the infected environment and spread it throughout the entire network.

After getting access to PowerShell, they can easily attack and install PonyFinal on the directly attacked server or on connected servers. In most cases the attackers target servers that are running the Java Runtime Environment (JRE).

According to the team, before running PonyFinal the attackers installed the Java Runtime Environment (JRE) on the system.

Microsoft recommends that organizations stay alert before things get messy and keep their systems up to date with new updates.


Bipin Choudhary, https://vednam.com
Bipin has been a passionate blogger for several years. He is a Cyber Security Enthusiast, Security Blogger, Technical Writer. He is always eager to know everything about the latest technology development and advancement. Author @ Vednam
