Ransomware that the FBI has been warning about since early October 2019 continues to evolve and develop into a greater threat for Windows 10 users.
Back on October 2nd, 2019, the FBI issued a warning about a threat that turned out to be powerful ransomware. What made matters far more complex was the part of the warning saying that hackers are upgrading it and changing their technique to make attacks more effective, as well as stealthier.
State of Emergency
Failure to properly prepare against the ransomware resulted in a disaster in the City of New Orleans, which recently had to declare a state of emergency due to an attack. The same threat hit Maastricht University on December 23rd, encrypting almost all Windows systems.
Now, security researchers reveal that the ransomware, known as Clop, has the ability to kill 663 Windows processes before it even starts encrypting Windows files. The ransomware has come a long way since it originally emerged in March 2019 as a relatively simple variant of the CryptoMix ransomware family.
While it was a nuisance, it was not considered to be anything special or particularly troubling. However, it wasn’t long before hackers started tweaking it and upgrading it, which led it to target entire networks, instead of one device at a time.
It quickly gained new abilities, such as disabling Windows Defender, removing Microsoft Security Essentials, and even Anti-Ransomware and Malwarebytes protections. According to researchers, the group responsible for it calls itself TA505, and it has ties to Russia.
Windows 10 Ransomware Can Kill 663 Apps Before Encrypting Files
Meanwhile, with Windows being the most commonly targeted OS, it wasn’t long before hackers tweaked the malware, equipping it with new tools and processes, allowing it to target Windows apps and processes.
As discovered in late 2019, the ransomware can now terminate around 663 processes. Even researchers behind Bleeping Computer, who were following its actions in November, are not sure why some of these processes are targeted.
For now, researchers suggest that the best way to fight the malware is to be prepared and not get infected in the first place. This involves preventing vulnerabilities, updating software, not downloading suspicious files, not opening suspicious or unknown emails, and the like.