Big Head Highlighting Ransomware Headlines
Big Head ransomware is new to the scene and is being distributed as part of a malvertising campaign that takes the form of either a bogus Microsoft Windows update or a Word Installers campaign. It was first documented last month when multiple variants of the ransomware that are designed to encrypt files on their victim’s machines in exchange for a cryptocurrency payment was discovered.
Big Head ransomware is a .NET binary that installs three AES-encrypted files on the target system: one to propagate the malware, one for Telegram bot communication, and the third encrypts files. Big Head is like other ransomwares in that it deletes backups, terminates several processes, and performs checks to determine if it is running within a virtualized environment before proceeding to encrypt the files. Where it gets more sophisticated is it disables the Task Manager to prevent users from terminating the process and aborts itself if the machine’s language matches that of Russian, Belarusian, Ukrainian, Kazakh, Kyrgyz, Armenian, Georgian, Tatar, and Uzbek. It also incorporates a self-delete function to erase its presence.
The multiple variants suggest Big Head is continuously developing, refining, and experimenting with various approaches to see what works best. Which means even though at its inception it does not seem too sophisticated, this could change over time.
Big Head is one of just several ransomware strands introduced over the last month. It just serves as a reminder; you can never get comfortable with your cybersecurity. Your security solutions stack must continually evolve, just as ransomware and malware continually evolves. If you need help with your cybersecurity solutions, give 2W Tech a call today! We have an experienced team of IT Consultants that can help ensure your organization is not only utilizing the proper technology but implementing security best practices as well.
Read More:
Microsoft Azure Artificial Intelligence
How to Choose the Right ERP Solution