Dridex Malware Transmits Entropy Ransomware
Table of Contents
- By David Lukic
- Published: Feb 24, 2022
- Last Updated: Mar 18, 2022
Entropy ransomware is being deployed on targeted computers. The ransomware is sent through Dridex malware. Entropy is one of the least common forms of ransomware, yet it can cause significant problems. Digital security specialists insist. Entropy ransomware is the result of Dridex malware. Let’s take a closer look at this unique digital attack.
How is Entropy Ransomware Transmitted?
Entropy ransomware parallels Dridex malware in that both use a software packer to hide ransomware code. The software packer within the malware subroutines pinpoints and masks commands referred to as API calls. The software packers are also used within subroutines that hide text that has been encrypted.
The similarities between Dridex and Entropy were identified after several unrelated cyber security incidents. Those incidents zeroed in on an unidentified media business and a government office. The use of Entropy occurred after the networks were infected with Dridex and Cobalt Strike Beacons, providing the digital miscreants with remote access to the targeted machines.
The attacks described above were quite similar, yet they also had some significant differences of note. The vector used to access the network was unique to each. Furthermore, the amount of time spent within the environments also differed. The final stage of each digital attack also employed distinct malware.
The Entropy and Dridex attacks are likely from the same point of origin. Furthermore, digital forensics specialists have determined the connections between the source of each form of malware are also similar. Indrik Spider, also known as Evil Corp, a Russian-based hacking collective, is likely responsible for the Dridex trojan. It is also believed that Entropy stems from similar hacking groups.
How Can Computer Users Defend Against Dridex Malware?
The Evil Corp hacking group is making strides to advance the complexity of its latest malware attack. Though the group has been sanctioned, its payload signatures are improving by the day. The group is also advancing its tools used for exploitation and its methods used to obtain initial access.
Evil Corp’s tools have advanced to the point that they can mask the attack attribution to the point that it is nearly impossible for targets to identify the digital aggression. However, companies, organizations, and everyday computer users can do a couple of things to safeguard their systems against this idiosyncratic digital attack.
Evil Corp’s digital miscreants capitalize on targets’ lack of due diligence. The targeted computer users were using comparably weak Windows systems that had insufficient updates and patches. If the machines were adequately patched, the attackers would have had to spend significantly more time to obtain access to the targeted systems.
To be more specific, it is in the interest of every computer user to use multi-factor authentication for an additional layer of security. Though multi-factor authentication requires an extra step to log into a computer system, it is worth it as it creates a significant challenge for unauthorized parties to access the machine. Click here to learn more about the industry’s latest internet, computer, and digital security protections.