PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
2020-05-28 15:59

A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector.

As for the infection routine, "The PonyFinal ransomware is delivered through an MSI file that contains two batch files and the ransomware payload," researchers explained.

PonyFinal is part of an ongoing set of ransomware campaigns that tend to stay dormant and wait for the best time to execute for the most financial gain, Microsoft said.

"Using an attack pattern typical of human-operated ransomware campaigns, attackers have compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks," according to Microsoft.

"They all used the same techniques observed in human-operated ransomware campaigns: Credential theft and lateral movement, culminating in the deployment of a ransomware payload of the attacker's choice."


News URL

https://threatpost.com/ponyfinal-ransomware-enterprise-servers/156083/