STOP Ransomware Variant Installing Azorult Infostealer

by David Bisson on March 11, 2019

A variant of the STOP ransomware family is downloading the Azorult infostealer onto victims’ machines as part of its infection process.

Security researcher Michael Gillespie was the first to detect this malicious activity. While testing some of the crypto-malware family’s newer variants, he noticed that some of them were creating traffic indicative of Azorult. Aside from stealing victims’ usernames and passwords stored in their browsers and desktop files along with their Skype credentials, browser history and other data, this trojan has a history of installing other threats like GandCrab onto compromised machines.

Bleeping Computer decided to verify Gillespie’s findings by downloading and installing a recent sample of STOP ransomware that appends “.promorad” to each affected file’s name. It wasn’t disappointed. Lawrence Abrams, creator and founder of Bleeping Computer, explains as much in a blog post:

“The Promorad Ransomware variant samples we tested also download a file named 5.exe and executed it. When executed, the program will create network traffic that is identical to known command & control server communications for the Azorult information-stealing Trojan.”

Azorult Network Communication. (Source: Bleeping Computer)

Abrams took the additional step of submitting the malicious file to VirusTotal. In response, numerous security vendors detected the asset as an information-stealing trojan.

Users face the risk of password exposure should they suffer an infection at the hands of the STOP Promorad ransomware variant. As a result, they should make sure they stay on top of their software updates and exercise caution around suspicious email attachments. They should also follow these additional ransomware prevention tips.

If they do experience an infection of the STOP Promorad ransomware variant, users should take the extra step of changing all of the passwords they use for their online accounts. They should also review their desktop files to determine what types of private (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/stop-ransomware-variant-installing-azorult-infostealer/
