Monday, June 24, 2019
  • Sharing PHI, PII, and PCI in the Cloud?
  • Yikes! WeTransfer sends users’ files to the wrong people, says it doesn’t know what happened
  • How can UK Financial Services Organisations Combat the Cyber Threat?
  • Cyber Risk Insurance Sector to Reach $7.5 Billion by End of the Decade, PwC Says
  • DoH! Will the new protocol change how infosec professionals work

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » STOP Ransomware Variant Installing Azorult Infostealer

STOP Ransomware Variant Installing Azorult Infostealer

by David Bisson on March 11, 2019

A variant of the STOP ransomware family is downloading the Azorult infostealer onto victim’s machines as part of its infection process.

Security researcher Michael Gillespie was the first to detect this malicious activity. While testing some of the crypto-malware family’s newer variants, he noticed that some of them were creating traffic indicative of Azorult. Aside from stealing victims’ usernames and passwords stored in their browsers and desktop files along with their Skype credentials, browser history and other data, this trojan has a history of installing other threats like GandCrab onto compromised machines.

Bleeping Computer decided to verify Gillespie’s findings by downloading and installing a recent sample of STOP ransomware that appends “.promorad” to each affected file’s name. It wasn’t disappointed. Lawrence Abrams, creator and founder of Bleeping Computer, explains as much in a blog post:

The Promorad Ransomware variant samples we tested also download a file named 5.exe and executed it. When executed, the program will create network traffic that is identical to known command & control server communications for the Azorult information-stealing Trojan.

Azorult Network Communication. (Source: Bleeping Computer)

Abrams took the additional step of submitting the malicious file to VirusTotal. In response, numerous security vendors detected the asset as an information-stealing trojan.

Users face the risk of password exposure should they suffer an infection at the hands of the STOP Promorad ransomware variant. As a result, they should make sure they stay on top of their software updates and exercise caution around suspicious email attachments. They should also follow these additional ransomware prevention tips.

If they do experience an infection of STOP Promorad ransomware variant, users should take the extra step of changing all of their passwords employed for their online accounts. They should also review their desktop files to determine what types of private (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/stop-ransomware-variant-installing-azorult-infostealer/

March 11, 2019March 11, 2019 David Bisson AZORult, IT Security and Data Protection, Latest Security News, Password, Ransomware
  • ← A Nut Worth Cracking
  • The Many Benefits of a Cloud Access Security Broker →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

VMware Moves to Close Cybersecurity Loop
Who’s Responsible for a Cloud Breach? It Depends
Zero Trust: 3 Things to Consider
Threat Stack Embeds Application Security Monitoring Tool
The Legality of Waging War in Cyberspace
Cyber Security Challenges in Healthcare IoT Devices
One Year After GDPR: Is Our Personal Data Safer?
Designing a more secure future for the IoT
Circle City Con 2019, Lisa Wallace’s ‘Beginning DFIR: How To Get Started With Cooties’
More Than 10M Australians Affected by a Single Data Breach, Reveals OAIC

Upcoming Webinars

Mon 24

DevSecOps Challenges in a Cloud Native World

June 24 @ 1:00 pm - 2:00 pm
Thu 27

Demystifying PCI Software Security Framework: All You Need to Know for Your AppSec Strategy

June 27 @ 11:00 am - 12:00 pm
Jul 31

Get Your Secure Development Initiatives in Shape: a 30, 60, 90-day Approach

July 31 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Vendor Risk Management: The Secret Ingredient
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

Vendor Risk Management: The Secret Ingredient

June 24, 2019 Marc Lotti | 6 hours ago 0
Is the Insurance Loophole the Newest Threat Vector?
Cybersecurity Incident Response Industry Spotlight Security Boulevard (Original) 

Is the Insurance Loophole the Newest Threat Vector?

June 21, 2019 Jeff Costlow | 3 days ago 0
Who’s Responsible for a Cloud Breach? It Depends
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

Who’s Responsible for a Cloud Breach? It Depends

June 20, 2019 Scott Gordon | 4 days ago 0

Top Stories

Huge Ransomware FUBAR at Florida Beach Town
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

Huge Ransomware FUBAR at Florida Beach Town

June 21, 2019 Richi Jennings | 2 days ago 0
Threat Stack Embeds Application Security Monitoring Tool
Cybersecurity DevOps Featured News Security Boulevard (Original) Spotlight 

Threat Stack Embeds Application Security Monitoring Tool

June 19, 2019 Michael Vizard | 4 days ago 0
VMware Moves to Close Cybersecurity Loop
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

VMware Moves to Close Cybersecurity Loop

June 19, 2019 Michael Vizard | 4 days ago 0

Security Humor

PSA: How To Go Mad Resetting GE Light Bulb Firmware, The 8 Second Rule

PSA: How To Go Mad Resetting GE Light Bulb Firmware, The 8 Second Rule

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.