Paradise Ransomware Using Internet Query Files To Deliver Payload

March 25, 2020

Written by wukovits

The Paradise ransomware is like a bad penny; it just keeps turning up.

The strain first appeared back in 2017, when it was spread far and wide via phishing emails. Then it seemed to fall out of favor for a while, and now, it’s back again. Even worse, it’s back with a new trick up its virtual sleeves. In its latest incarnation, it’s still being spread via phishing emails.

Now, its controllers are leveraging interest in IQY (Query) files, which are text files read by Microsoft Excel to grab data from the internet. Given that fact, IQY is a completely legitimate file extension, so most organizations don’t even think to block it.

The researchers at Lastline who discovered the latest campaign had this to say about it:

We’re seeing attacks using IQY files because many commodity security products and automated systems do not, or cannot, parse these file types. Attackers realize they have a very good chance of making it past rudimentary defenses.”

The approach seems to be working as Paradise’s phishing emails are being opened by unsuspecting users at an alarming rate. Of interest, the researchers found evidence in the code that this strain is still a work in progress. Consider this latest campaign to be a beta test for the redesigned code.

Lastline’s researchers had something to say about that as well:

Malware authors will often deploy malware that isn’t quite ready for prime time yet – they want to see how successful early versions of a new campaign are and how detectable their malware is against security products.”

As is the case with most ransomware, this one is designed to sniff out high value files, exfiltrate them to a command and control center, then encrypt everything and demand a ransom. As such, it has to be regarded as a genuine threat and is certainly one to keep a watchful eye out for.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.