Difficult to detect, hiding its window by using the ShowWindow function in Windows
A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.
Once it executes, the ransomware hides its window by calling the Windows ShowWindow function with a parameter of 0. After verifying that the victim's system isn't running in a VM, HavanaCrypt downloads a file from an IP address of Microsoft's web hosting service, saves it as a batch file and runs it. The malware terminates more than 80 processes, including those that belong to database applications such as Microsoft SQL Server and MySQL, as well as desktop software such as Office and Steam. It then deletes shadow copies of files.
During encryption, HavanaCrypt uses the CryptoRandom function in KeePass Password Safe – an open-source password management tool used mostly for Windows – to generate random keys, appending the ".Havana" extension to the encrypted files.
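The behaviour chain described above (mass process termination, shadow copy deletion, files gaining the ".Havana" extension) can be correlated per host in endpoint telemetry. The following Python sketch is an added example, not code from the article or from any vendor; the event schema, the thresholds and the shadow-copy command patterns are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Assumption: the page does not say how shadow copies are deleted; these two
# well-known Windows commands stand in for that step.
SHADOW_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
KILL_THRESHOLD = 20  # hypothetical tuning value (the page reports 80+ kills)
WINDOW = 300         # hypothetical: seconds within which stages must co-occur


def stages(events):
    """Return {host: {stage: first timestamp}} for the three behaviours."""
    kills, seen = defaultdict(list), defaultdict(dict)
    for ts, host, kind, detail in sorted(events):
        if kind == "proc_terminate":
            kills[host].append((ts, detail.lower()))
            recent = {name for t, name in kills[host] if ts - t <= WINDOW}
            if len(recent) >= KILL_THRESHOLD:
                seen[host].setdefault("mass_process_kill", ts)
        elif kind == "proc_create" and SHADOW_RE.search(detail):
            seen[host].setdefault("shadow_copy_delete", ts)
        elif kind == "file_write" and detail.lower().endswith(".havana"):
            seen[host].setdefault("havana_extension", ts)
    return seen


def alerts(events):
    """Hosts where two or more different stages occur within WINDOW seconds."""
    out = {}
    for host, hit in stages(events).items():
        times = sorted(hit.values())
        if any(b - a <= WINDOW for a, b in zip(times, times[1:])):
            out[host] = sorted(hit, key=hit.get)
    return out


def sample_events():
    """Constructed events in a hypothetical (ts, host, kind, detail) schema."""
    ev = [(10 + i, "WS01", "proc_terminate", f"app{i:02}.exe") for i in range(25)]
    ev += [(40, "WS01", "proc_create", "vssadmin.exe delete shadows"),
           (60, "WS01", "file_write", r"C:\Users\a\report.docx.Havana"),
           (15, "DB02", "proc_terminate", "sqlservr.exe"),   # routine restart
           (90, "DB02", "file_write", r"D:\backup\db.bak"),
           (50, "ADM03", "proc_create", "vssadmin.exe delete shadows")]  # one stage only
    return ev
```

Requiring two stages on the same host keeps a lone administrative shadow copy cleanup or a single service restart from raising an alert.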