
PonyFinal Has a New Twist on Ransomware

06/02/20
Categories:
  • human-operated ransomware
  • Java-based ransomware
  • Manufacturing
  • Microsoft 365
  • Microsoft Gold Partner
  • PonyFinal
  • Ransomware
  • technology service provider

Last week, Microsoft’s security team issued an advisory urging organizations around the world to protect themselves against a new form of ransomware that has been circulating for about two months. PonyFinal is a Java-based ransomware that is deployed in human-operated ransomware attacks, a subcategory of ransomware.

In these attacks, hackers breach corporate networks and deploy the ransomware themselves. Traditional ransomware, by contrast, is distributed through email or exploit kits, where the infection process relies on fooling users into launching the payload.

For this type of attack, the intrusion point is usually an account on a company’s systems management server, which the PonyFinal gang breaches using brute-force attacks that guess weak passwords. Once inside, the PonyFinal gang deploys a Visual Basic script that runs a PowerShell reverse shell to dump and steal local data. The ransomware operators also deploy a remote manipulator system to bypass event logging.

Once the PonyFinal gang has a grasp on the target’s network, they then spread to other local systems and deploy the actual ransomware.

Microsoft says files encrypted with the PonyFinal ransomware usually have an additional “.enc” file extension added to the end of each encrypted file. The ransom note is typically a text file named README_files.txt containing ransom payment instructions.
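The two file indicators above can be turned into a quick triage sweep of a file share. The sketch below is an added example, not code from Microsoft or 2W Tech; the function names, the `min_enc` threshold and the sample folder tree are assumptions constructed for illustration. Because ".enc" on its own is also used by legitimate tools, a directory is rated "high" only when the ransom note and files with an appended ".enc" extension appear together.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "readme_files.txt"  # ransom note name reported above (compared lowercase)
ENC_SUFFIX = ".enc"             # extension appended to encrypted files

def triage(root, min_enc=3):
    """Return [(directory, enc_count, note_present, verdict)] for suspicious dirs.

    verdict is 'high' when the note and appended-.enc files co-occur, and
    'review' when only the note, or at least min_enc such files, is present.
    min_enc is an assumed threshold, not a value from the advisory.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lower = [f.lower() for f in files]
        note = NOTE_NAME in lower
        # "Additional" extension: report.docx.enc counts, a bare backup.enc does not.
        enc = [f for f in lower
               if f.endswith(ENC_SUFFIX) and Path(f[:-len(ENC_SUFFIX)]).suffix]
        if note and enc:
            verdict = "high"
        elif note or len(enc) >= min_enc:
            verdict = "review"
        else:
            continue
        findings.append((dirpath, len(enc), note, verdict))
    # Strongest signal first, then by number of .enc files, then by path.
    findings.sort(key=lambda r: (r[3] != "high", -r[1], r[0]))
    return findings

def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    sample = {
        "finance": ["q1.xlsx.enc", "q2.xlsx.enc", "README_files.txt"],
        "hr": ["a.docx.enc", "b.docx.enc", "c.pdf.enc"],
        "backups": ["backup.enc", "notes.txt"],  # bare .enc, should be ignored
        "docs": ["report.docx"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in sample.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                Path(root, folder, name).write_bytes(b"constructed sample")
        return [(os.path.relpath(p, root), n, note, v)
                for p, n, note, v in triage(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A "review" result is a prompt to look at file timestamps and ownership, not proof of encryption.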

So far, victims have been primarily in the healthcare sector and in the U.S., Iran and India.

Now that you know about the PonyFinal ransomware, you can avoid becoming the next victim. 2W Tech can ensure you get the right solutions implemented to protect your Microsoft 365 from ransomware attacks and other outside threats. We are a technology service provider specializing in manufacturing solutions, as well as a Microsoft Gold Partner. Give us a call today to get started.
