pEaKyBlNdE is ransomware: malware that encrypts all the files on a computer and keeps them encrypted until the user pays a ransom. Files encrypted by pEaKyBlNdE have a .pEaKyBlN extension appended to the end of the file name. The malware is delivered as a Win32 EXE file and has been spotted inside the following files and processes: og8YMXsfIeS24ry.exe and 120c4d2a039fa42ce4d6f97898effd19.virus.
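When scoping an incident, the appended extension gives responders a simple way to enumerate affected files and recover their original names. The Python sketch below is an added example, not code from the original page; the function names and the sample directory tree are constructed for illustration, and file modification time is assumed to approximate when each file was rewritten.

```python
import os
import tempfile
from collections import Counter

APPENDED_EXT = ".pEaKyBlN"  # appended extension as given on this page

def find_renamed(root, ext=APPENDED_EXT):
    """Return one record per file under root whose name ends with ext."""
    hits = []
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            # Windows file names are case-insensitive, so compare lowercased.
            if len(name) <= len(ext) or not name.lower().endswith(ext.lower()):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append({"path": path, "original": name[:-len(ext)], "mtime": mtime})
    return hits

def summarize(hits):
    """Count hits per directory and bound the time window of the rewrites."""
    times = [h["mtime"] for h in hits]
    return {
        "total": len(hits),
        "by_dir": dict(Counter(os.path.dirname(h["path"]) for h in hits)),
        "first_write": min(times) if times else None,
        "last_write": max(times) if times else None,
    }

def build_sample_tree():
    """Constructed sample: three renamed files and two untouched ones."""
    root = tempfile.mkdtemp(prefix="triage_")
    layout = {"docs/report.docx.pEaKyBlN": 1000, "docs/notes.txt": 900,
              "docs/budget.xlsx.PEAKYBLN": 1005, "pics/cat.jpg.pEaKyBlN": 1010,
              "pics/dog.jpg": 800}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    report = summarize(find_renamed(build_sample_tree()))
    print(report["total"], "renamed files;", report["by_dir"])
```

The per-directory counts show which locations were reached, and the first and last write times bound the window to correlate with endpoint and email logs.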
What is Ransomware?
Ransomware is a form of malware that encrypts files on an infected computer, either individually or as a whole system. Once the attacker has gained access to the system, they demand a ransom. Ransomware is often delivered as a file attached to an email: the attacker sends the infected file to a user, and when the user opens the file, the malware is activated and locks the computer.
How Does Ransomware Spread?
Ransomware can spread in a few different ways. The most common is phishing email: the ransomware is attached to the email, downloaded, and then executed on the victim's computer. Another way is through drive-by downloads on websites or malvertising, where the ransomware is downloaded without the user's knowledge. Ransomware can also spread through removable media, such as USB drives, SD cards and DVDs.
pEaKyBlNdE Ransomware Capabilities
pEaKyBlNdE ransomware uses Process Injection attack techniques to evade process-based defenses and gather detailed system information about the target operating system and hardware. The ransomware can use this information to determine whether or not to fully infect the target and/or to take specific actions.
Mitigations Against pEaKyBlNdE Ransomware
Ransomware can be mitigated by configuring endpoint security solutions to block process injection. Additionally, keeping software up to date can help to minimise the risk of ransomware attacks.
How to Protect Against Ransomware?
Several steps can be taken to keep a ransomware attack from gaining access to a system. First, make sure that all systems are running up-to-date software with the latest security patches installed. This reduces the likelihood of a system being compromised through a vulnerability that has already been patched. Second, ensure that all systems are patched as soon as security patches become available. Third, apply a multilayered approach to security. This includes using antivirus software, application whitelisting, and application control to help prevent malicious programs from running on a system. Finally, make sure that no system is accessible from the internet unless necessary. This can help prevent systems from being targeted by remote attackers.