Ranstop thwarts Deadmin ransomware attack

Ransomware test subject – Deadmin

Part of sophisticated network attacks targeting mostly businesses, Deadmin is a new ransomware pushed by hackers and cybercriminals on poorly protected systems.

The malicious software bundle comes with a plethora of features, which will certainly cause panic among system administrators and users. It includes password collectors, remote login hacking tools, port scanners, remote execution tools and brute-force tools, which all work together to damage as much of the network as possible. The penetration of the vulnerable systems continues with the ransomware attack itself.

Deadmin ransomware – test findings

The ransomware itself is not that complex, as it behaves like any other ransomware. Still, the files attacked by Deadmin are impossible to decrypt for now. Deadmin first scans the system for a list of processes and services to kill. By terminating most of them, it ensures that most of the user’s files get encrypted. The list is quite long, and it includes database tools as well.

Encrypted files are renamed: the “[DeAdmin@cock.li].DEADMIN” suffix is appended to each of them. After the encryption process, it drops the ransom note on the desktop, which is a basic note with a few instructions on how to recover the files.
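The rename behaviour described above can be turned into a simple triage check over file-rename telemetry. The following is an added example, not code from the original post or from TEMASOFT: it flags any process that appends the Deadmin suffix to several files within a short window and lists the original paths for recovery. Only the suffix comes from the article; the event tuple layout, process names, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Suffix the article says Deadmin appends to every encrypted file.
DEADMIN_SUFFIX = "[DeAdmin@cock.li].DEADMIN"

# Constructed sample events: (ISO timestamp, pid, image, old path, new path).
SAMPLE_EVENTS = [
    ("2020-01-01T10:00:00", 4120, "sample.exe", r"C:\Data\q3.xlsx", r"C:\Data\q3.xlsx" + DEADMIN_SUFFIX),
    ("2020-01-01T10:00:01", 4120, "sample.exe", r"C:\Data\db.mdf", r"C:\Data\db.mdf" + DEADMIN_SUFFIX),
    ("2020-01-01T10:00:01", 880, "explorer.exe", r"C:\Data\a.docx", r"C:\Data\a_final.docx"),
    ("2020-01-01T10:00:02", 4120, "sample.exe", r"C:\Data\plan.pdf", r"C:\Data\plan.pdf" + DEADMIN_SUFFIX),
    ("2020-01-01T10:05:00", 5000, "explorer.exe", r"C:\Lab\x.bin", r"C:\Lab\x.bin" + DEADMIN_SUFFIX),
]


def is_deadmin_rename(old_path, new_path):
    """True when new_path is old_path plus the suffix (Windows paths: case-insensitive)."""
    return new_path.lower() == (old_path + DEADMIN_SUFFIX).lower()


def find_encrypting_processes(events, threshold=3, window=timedelta(seconds=10)):
    """Return {pid: [original paths]} for pids with >= threshold suffix renames in one window."""
    recent = defaultdict(deque)   # pid -> times of suffix renames still inside the window
    renamed = defaultdict(list)   # pid -> original path of every suffix rename seen
    flagged = set()
    for ts, pid, _image, old, new in sorted(events):  # ISO timestamps sort chronologically
        if not is_deadmin_rename(old, new):
            continue              # ordinary rename, not the Deadmin pattern
        when = datetime.fromisoformat(ts)
        times = recent[pid]
        times.append(when)
        while when - times[0] > window:
            times.popleft()       # drop renames that fell out of the window
        renamed[pid].append(old)
        if len(times) >= threshold:
            flagged.add(pid)      # burst of suffix renames: treat as active encryption
    return {pid: renamed[pid] for pid in flagged}


if __name__ == "__main__":
    for pid, files in find_encrypting_processes(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(files)} files renamed with the Deadmin suffix")
        for path in files:
            print("  affected:", path)
```

A single suffix rename (pid 5000 in the sample) stays below the threshold, so an analyst handling one renamed sample does not trigger the check.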

Deadmin is just one of a long list of ransomware families that have appeared in the past few weeks. Unfortunately, targeted attacks have also grown, and the list of victims includes hospitals. A study (https://onlinelibrary.wiley.com/doi/full/10.1111/1475-6773.13203) shows that patients are affected by the ransomware attacks. Schools are not exempt, California School District being one of the recent victims. Quite a few government organizations were also hit by ransomware, among them Johnson City’s Municipal Computer Systems and the City of Johannesburg.

The private sector is one of the most attacked. Canadian organizations, French TV channels (M6) and U.S. financial institutions were all severely affected by ransomware attacks in the last few weeks.

Deadmin ransomware vs Ranstop – test results

TEMASOFT Ranstop detects this version of Deadmin ransomware soon after it starts encrypting files. Upon detection, alerts are triggered, and the malware process is stopped and quarantined. The altered files are automatically recovered so that the user doesn’t lose any critical document.

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

This post was last modified on August 21, 2023 7:26 am

Published by FM Team
