Difficult to detect, hiding its window by using the ShowWindow function in Windows
A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.
Once it executes, the ransomware hides its window by calling the Windows ShowWindow function with a parameter of 0. After verifying that the victim's system isn't running in a VM, HavanaCrypt downloads a file from an IP address belonging to Microsoft's web hosting service, saves it as a batch file and runs it. The malware terminates more than 80 processes, including those belonging to database applications such as Microsoft SQL Server and MySQL, as well as desktop software such as Office and Steam. It then deletes shadow copies of files.
During encryption, HavanaCrypt uses the CryptoRandom function in KeePass Password Safe – an open-source password management tool used mostly for Windows – to generate random keys, appending the ".Havana" extension to the encrypted files.
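The behaviours described above (mass process termination that includes database services, shadow-copy deletion, files renamed with the ".Havana" extension) can be correlated per host for detection. The following is an added example, not part of the article: the event schema, host names, thresholds and the shadow-copy command patterns are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Assumption: the article does not say how shadow copies are deleted;
# these are two common Windows commands for doing so.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
DB_PROCESSES = {"sqlservr.exe", "mysqld.exe"}  # SQL Server / MySQL, named in the article
EXTENSION = ".havana"                          # extension named in the article

def detect_chain(events, window=300, kill_threshold=5):
    """Return {host: [stages]} for hosts showing >= 2 stages within `window` seconds."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        best = set()
        for i, start in enumerate(evs):  # sliding window anchored at each event
            span = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            killed = {e["image"].lower() for e in span if e["type"] == "proc_terminate"}
            stages = set()
            if len(killed) >= kill_threshold and killed & DB_PROCESSES:
                stages.add("mass_process_kill")
            if any(e["type"] == "proc_create" and SHADOW_DELETE.search(e["cmdline"]) for e in span):
                stages.add("shadow_copy_delete")
            if any(e["type"] == "file_rename" and e["new_name"].lower().endswith(EXTENSION) for e in span):
                stages.add("havana_extension")
            if len(stages) > len(best):
                best = stages
        if len(best) >= 2:  # one stage alone (e.g. routine VSS cleanup) is not flagged
            findings[host] = sorted(best)
    return findings

def _kills(host, t0, names):
    return [{"ts": t0 + i, "host": host, "type": "proc_terminate", "image": n}
            for i, n in enumerate(names)]

# Constructed sample events (hypothetical schema): ws-01 shows the full chain,
# srv-02 shows only an administrator's shadow-copy cleanup and one service stop.
SAMPLE = (
    _kills("ws-01", 100, ["sqlservr.exe", "mysqld.exe", "winword.exe",
                          "excel.exe", "steam.exe", "outlook.exe"])
    + [{"ts": 110, "host": "ws-01", "type": "proc_create", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
       {"ts": 130, "host": "ws-01", "type": "file_rename", "new_name": r"C:\Users\a\report.docx.Havana"},
       {"ts": 105, "host": "srv-02", "type": "proc_create", "cmdline": "vssadmin delete shadows /for=C: /oldest"}]
    + _kills("srv-02", 200, ["sqlservr.exe"])
)
```

Requiring at least two stages inside the window keeps routine backup maintenance on a server from raising the alert on its own.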