Gad_Naveh
Employee Alumnus

New German Wiper Blocked By SandBlast Agent Zero Day Prevention

A thread on BleepingComputer describes an outburst of a new wiper malware. This wiper mimics ransomware behavior, but instead of encrypting the files it fills them with zeros (nulls).

Our SandBlast Agent Anti-Ransomware zero-day prevention detects and remediates this attack without the need for an update or the use of signatures.

The files are encrypted in our honeypot

[Screenshot: EncryptedFilesnig1a.png]

The file is indeed filled with nulls and is not possible to decrypt

[Screenshot: EncryptedFileWithNulls.png]

SandBlast Agent Anti-Ransomware detects the ransomware process encrypting the files

[Screenshot: EncryptionDetectedBySBAAntiRansomware.png]

SandBlast Agent restores the files

[Screenshot: EncryptedFileRestored.png]

 

The infection is based on a PowerShell script. Next, I will test this against our File-Less infection prevention and update.

 

Thanks,

Gadi
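
For responders triaging a host after this kind of incident, the distinction the post draws (files filled with nulls rather than encrypted) can be checked directly. The following is an added example, not code from the post or from Check Point: it walks a directory and labels each file as zero-filled (wiped, nothing to decrypt), high-entropy (consistent with encryption) or normal. The 7.5 bits/byte threshold, the labels and the sample files are assumptions made for the illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment

def classify_file(path, chunk_size=65536):
    """Label a file 'empty', 'zero-filled', 'high-entropy' or 'normal'."""
    counts, size = Counter(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            counts.update(chunk)  # iterating bytes yields ints 0..255
            size += len(chunk)
    if size == 0:
        return "empty"
    if counts[0] == size:
        return "zero-filled"  # overwritten with nulls: nothing to decrypt
    entropy = -sum(c / size * math.log2(c / size) for c in counts.values())
    # Encrypted data sits near 8 bits/byte; so do archives and media,
    # so treat 'high-entropy' as a lead to check, not a verdict.
    return "high-entropy" if entropy >= ENTROPY_THRESHOLD else "normal"

def triage(root):
    """Walk root and map each relative path to its label."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                report[rel] = classify_file(full)
            except OSError:
                report[rel] = "unreadable"
    return report

def build_sample(root):
    """Write constructed sample files (not taken from the incident)."""
    samples = {
        "wiped.docx": b"\x00" * 4096,
        "encrypted.bin": os.urandom(8192),
        "notes.txt": b"Quarterly report draft, revision 3.\n" * 100,
        "placeholder.tmp": b"",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, label in sorted(triage(tmp).items()):
            print(f"{label:13} {rel}")
```

Files labelled zero-filled can only come back from a backup or snapshot, which is why the restore step shown in the post matters more here than it would for recoverable encryption.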
