Sophos identifies Buer malware delivering ransomware


Sophos Rapid Response, a service introduced recently to neutralize cyberattacks, has identified new malware in the wild. Dubbed Buer, the malware is said to be delivering ransomware to Microsoft Windows PCs.

 


According to Sophos security researchers, Buer targets victims via spear-phishing attacks, after which it is remotely controlled by its developers to deliver payloads such as file-encrypting malware.

 

“Time is a critical factor when a cyber threat targets a network, as every second counts between the time of initial compromise and neutralization in the attack lifecycle,” said Joe Levy, the Chief Technology Officer of Sophos.

 

Buer was identified by the Sophos Rapid Response team while it was neutralizing the effects of the new tools, techniques, and procedures used by those linked to the distribution of RYUK ransomware.

 

Note 1- The Sophos Rapid Response team is an industry-first incident response service that helps track down and neutralize attacks within its 45-day engagement time frame. As part of this service, it offers a dedicated 24/7 team of incident responders, threat hunters, and threat analysts to block cyber-attacks and remove adversaries from networks, thus cutting down costs and data recovery time.

 

Note 2- Buer malware has been detected in the wild since August 2019 and is being distributed through email campaigns. 

 

Note 3- Ransomware is a kind of malware that encrypts a database until a ransom is paid. Some ransomware-spreading gangs first steal a portion of the data and then lock down the database from access until a ransom is paid. If the victim fails to pay the ransom, that data is sold on the dark web for monetary benefit.