Analyzing the Fileless, Code-injecting SOREBRECT Ransomware

Fileless threats and ransomware aren’t new. Trend Micro analyzed the code-injecting SOREBRECT ransomware, and the samples examined revealed the unusual methods SOREBRECT uses to encrypt its victims’ data.

SOREBRECT was first discovered at the beginning of the second quarter of 2017 with a low distribution base, initially concentrated in Middle Eastern countries such as Kuwait and Lebanon.

Given ransomware’s potential impact and profitability, it wouldn’t be a surprise if SOREBRECT turns up in other parts of the world, or even in the cybercriminal underground, where it could be peddled as a service.

Methods for defending against ransomware:
1. Restrict user write permissions.
2. Limit privilege for PsExec.
3. Back up files.
4. Keep the system and network updated.
5. Foster a cybersecurity-aware workforce.
6. Deploy multilayered security mechanisms.

You can learn more about SOREBRECT here.