Difficult to detect, hiding its window by using the ShowWindow function in Windows
A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.
Once it executes, the ransomware hides its window by using the ShowWindow function in the system, giving it a parameter of 0. Once it verifies that the victim's system isn't running in a VM, HavanaCrypt downloads a file from Microsoft's web hosting service IP address, saves it as a batch file and runs it. The malware terminates more than 80 processes, including those that are part of database-related applications like Microsoft SQL Server and MySQL as well as desktop software, such as Office and Steam. It then deletes shadow copies of files.
During encryption, HavanaCrypt uses the CryptoRandom function in KeePass Password Safe – an open-source password management tool used mostly for Windows – to generate random keys, appending the ".Havana" extension to the encrypted files.
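The behaviours reported above (mass process termination, shadow copy deletion, then files written with the ".Havana" extension) can be correlated per host and per acting process. The following is an added detection sketch, not code from the article or from any vendor; the event schema, thresholds, process names and file paths are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds; tune against your own baseline.
WINDOW = 300         # seconds in which all three stages must occur
KILL_THRESHOLD = 5   # distinct processes terminated by one actor
FILE_THRESHOLD = 3   # files written with the .Havana extension

# Constructed telemetry: (epoch_seconds, host, actor_process, kind, detail).
# "shadow_delete" is an abstract event kind; map it to whatever your EDR records.
WS = ("WS01", "update_sample.exe")
DB = ("DB01", "backup_agent.exe")
SAMPLE_EVENTS = [
    (1000, *WS, "proc_terminate", "sqlservr.exe"),
    (1001, *WS, "proc_terminate", "mysqld.exe"),
    (1002, *WS, "proc_terminate", "winword.exe"),
    (1003, *WS, "proc_terminate", "excel.exe"),
    (1004, *WS, "proc_terminate", "steam.exe"),
    (1010, *WS, "shadow_delete", ""),
    (1020, *WS, "file_write", r"C:\Users\a\report.docx.Havana"),
    (1021, *WS, "file_write", r"C:\Users\a\notes.txt.Havana"),
    (1022, *WS, "file_write", r"C:\Users\a\db.bak.Havana"),
    # Benign look-alike: a backup agent stops SQL Server and prunes a snapshot.
    (2000, *DB, "proc_terminate", "sqlservr.exe"),
    (2005, *DB, "shadow_delete", ""),
    (2010, *DB, "file_write", r"D:\backup\db.bak"),
]

def correlate(events, window=WINDOW):
    """Return {(host, actor): summary} for actors showing all three stages within `window` seconds."""
    by_actor = defaultdict(list)
    for ts, host, actor, kind, detail in sorted(events):
        by_actor[(host, actor)].append((ts, kind, detail))
    alerts = {}
    for key, evs in by_actor.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            span = evs[start:end + 1]
            killed = {d.lower() for _, k, d in span if k == "proc_terminate"}
            shadow = any(k == "shadow_delete" for _, k, _ in span)
            locked = [d for _, k, d in span
                      if k == "file_write" and d.lower().endswith(".havana")]
            if len(killed) >= KILL_THRESHOLD and shadow and len(locked) >= FILE_THRESHOLD:
                alerts[key] = {"first_seen": span[0][0], "killed": sorted(killed),
                               "encrypted_files": len(locked)}
                break
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Requiring all three stages from the same actor keeps the backup agent in the sample data from alerting, even though it also stops a database process and removes a shadow copy.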