Security News > 2020 > May > PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector.
As for the infection routine, "The PonyFinal ransomware is delivered through an MSI file that contains two batch files and the ransomware payload," researchers explained.
PonyFinal is part of an ongoing set of ransomware campaigns that tend to stay dormant and wait for the best time to execute for the most financial gain, Microsoft said.
"Using an attack pattern typical of human-operated ransomware campaigns, attackers have compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks," according to Microsoft.
"They all used the same techniques observed in human-operated ransomware campaigns: Credential theft and lateral movement, culminating in the deployment of a ransomware payload of the attacker's choice."
News URL
https://threatpost.com/ponyfinal-ransomware-enterprise-servers/156083/
Related news
- FBI disrupts the Dispossessor ransomware operation, seizes servers (source)
- FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)