Home Resources Blog First-Ever Ransomware Found Using Using ‘Process Doppelgänging’ Attack to Evade Detection

First-Ever Ransomware Found Using Using ‘Process Doppelgänging’ Attack to Evade Detection

Admin Globaldots
11.05.2018
image 1 Min read

Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection.

The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS, including Windows 10.

Process Doppelgänging attack works by using NTFS transactions to launch a malicious process by replacing the memory of a legitimate process, tricking process monitoring tools and antivirus into believing that the legitimate process is running.

Security researchers at Kaspersky Lab have now found the first ransomware, a new variant of SynAck, employing this technique to evade its malicious actions and targeting users in the United States, Kuwait, Germany, and Iran.

Image Source

Read more: The Hacker News

Learn More

Streamline Your Alert Management with Groupings
Monitoring, Logging & Observability
Admin Globaldots 02.02.23

Alerting is crucial for avoiding outages, not just responding to them. That’s why GlobalDots is adopting an innovation that revolutionizes the way alerts are processed, enabling teams to achieve their goals proactively and resolve issues quickly. Handling alerts on a large scale can be difficult, especially when dealing with hundreds or even thousands of alerts. […]

Read more
You’ll Need Zero Trust, But You Won’t Get It with a VPN
SD-WAN and SASE
Eyal Webber Zvik, Cato Networks 12.01.23

Properly implemented, a zero trust architecture provides much more granular and effective security than legacy security models. However, this is only true if a zero trust initiative is supported with the right tools. Legacy solutions, such as virtual private networks (VPNs), lack the capabilities necessary to implement a zero trust security strategy. Zero Trust Security is […]

Read more
4 Ways Where Remote Access VPNs Fall Short
SD-WAN and SASE
Eyal Webber Zvik, Cato Networks 09.01.23

The Global Content Delivery Network (CDN) market is expected to grow by $42.4 billion between now and 2032.

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo