Malware turning Microsoft PCs into Zombie Proxies n new details on Baltimore ransomware attack

281

Researchers from Cisco Talos in commission with Microsoft have discovered a new kind of malware strain which is being dubbed as Zombie Proxies. News is out that the malware has already infected thousands of PCs across the US and Europe and is being technically called as Nodersok and Divergent by Microsoft respectively.

According to the sources reporting to Cybersecurity Insiders the malware campaign which is currently active only in western countries makes users download and run an HTML app often distributed by malicious ads. The malicious tool obscures itself by hijacking the operational features of NodeJS, a program that executes Javascript outside a browser and a WinDivert program that captures and disports network packets.


What’s more concerning about this find is that the malware can disable the features of Microsoft’s Windows Defender and other anti-malware solutions which prevail in the cyber landscape.
Cisco Talos believes that the purpose of introducing Nodersok and Divergent was to facilitate click frauds which were estimated to have caused a $19 billion loss in 2018.

Meanwhile, the ransomware attack which took on the IT infrastructure of Baltimore city has taken a new turn last week when some astonishing events were unraveled in a probe conducted by security experts.

It’s learned in the investigation that most of the staff of the Baltimore City stored files on their local hard drives which has made the data recovery almost impossible after the ransomware attack on May 7th this year.

The city’s outdated approach came into light last week when a committee from the city council investigated the incident at a granular level.

Josh Pasch, the auditor at Baltimore confirmed that the city needs a new IT policy which ensures that all PCs were being centrally backed up.