Monday, April 12, 2021
  • Identity Management Day: Cybercriminals No Longer Hack in, They Log In
  • ColorTokens Appoints Co-Founder Rajesh Khazanchi as CEO to Build an Industry Leader in Zero Trust Cybersecurity Solutions
  • BSides Philly 2020 – Jonathan Magen’s ‘SPNDL: Security Policy Notation And Description Language’
  • Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 324’
  • BSides Philly 2020 – Madeline Bright’s ‘Disabled Security: The Role Of Universal Design In Cybersecurity’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » STOP Ransomware Variant Installing Azorult Infostealer

STOP Ransomware Variant Installing Azorult Infostealer

by David Bisson on March 11, 2019

A variant of the STOP ransomware family is downloading the Azorult infostealer onto victim’s machines as part of its infection process.

Security researcher Michael Gillespie was the first to detect this malicious activity. While testing some of the crypto-malware family’s newer variants, he noticed that some of them were creating traffic indicative of Azorult. Aside from stealing victims’ usernames and passwords stored in their browsers and desktop files along with their Skype credentials, browser history and other data, this trojan has a history of installing other threats like GandCrab onto compromised machines.

Bleeping Computer decided to verify Gillespie’s findings by downloading and installing a recent sample of STOP ransomware that appends “.promorad” to each affected file’s name. It wasn’t disappointed. Lawrence Abrams, creator and founder of Bleeping Computer, explains as much in a blog post:

The Promorad Ransomware variant samples we tested also download a file named 5.exe and executed it. When executed, the program will create network traffic that is identical to known command & control server communications for the Azorult information-stealing Trojan.

Azorult Network Communication. (Source: Bleeping Computer)

Abrams took the additional step of submitting the malicious file to VirusTotal. In response, numerous security vendors detected the asset as an information-stealing trojan.

Users face the risk of password exposure should they suffer an infection at the hands of the STOP Promorad ransomware variant. As a result, they should make sure they stay on top of their software updates and exercise caution around suspicious email attachments. They should also follow these additional ransomware prevention tips.

If they do experience an infection of STOP Promorad ransomware variant, users should take the extra step of changing all of their passwords employed for their online accounts. They should also review their desktop files to determine what types of private (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/stop-ransomware-variant-installing-azorult-infostealer/

March 11, 2019March 11, 2019 David Bisson AZORult, IT Security and Data Protection, Latest Security News, Password, Ransomware
  • ← A Nut Worth Cracking
  • The Many Benefits of a Cloud Access Security Broker →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’
Time to Retire a Cybersecurity Cliché
Secrets Detection: An Emerging AppSec Category
Understanding EtterSilent and the Cybercrime Supply Chain
Should You Hire a Computer Forensics Specialist?
Announcing ShiftLeft CORE — A Code Security Platform
How Insider DLP Risks Impact Cybersecurity & Student Data Privacy
What is Cyber Risk?
Remote Work: How To Limit Cybersecurity Risks?
No! Not the beer! Cyber Attack Brought Molson Coors to a Halt

Upcoming Webinars

Tue 13

How to Build Safer Cloud-Native Applications

April 13 @ 3:00 pm - 4:00 pm
Wed 14

AppSec Risk: You Can’t Manage What You Can’t Measure

April 14 @ 1:00 pm - 2:00 pm
Thu 15

The Age of Collaborative Security

April 15 @ 11:00 am - 12:00 pm
Fri 16

Expect More From Your AppSec Vendor

April 16 @ 1:00 pm - 2:00 pm
Wed 21

Managing Open Policy Agent at Scale – Styra DAS

April 21 @ 3:00 pm - 4:00 pm
Thu 22

A New Approach to Secure Web Gateways

April 22 @ 11:00 am - 12:00 pm
Mon 26

The Kubernetes Network (Security) Effect

April 26 @ 9:00 am - 10:00 am
Mon 26

Application Security: Moving at the Speed of DevOps

April 26 @ 1:00 pm - 2:00 pm
May 05

Managing Permissions and Entitlements is at the Core of a Zero Trust Model in the Cloud

May 5 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Identity Management Day: Cybercriminals No Longer Hack in, They Log In
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Identity Management Day: Cybercriminals No Longer Hack in, They Log In

April 12, 2021 Brad Shewmake | 1 hour ago 0
Visibility, Context, Automation are Key to Security Control
CISO Suite Cloud Security Cybersecurity Data Security Endpoint Industry Spotlight Network Security Security Boulevard (Original) 

Visibility, Context, Automation are Key to Security Control

April 12, 2021 Ron Davidson | 12 hours ago 0
Secrets Detection: An Emerging AppSec Category
Application Security AppSec Cloud Security Cybersecurity Data Security Endpoint Industry Spotlight Security Boulevard (Original) 

Secrets Detection: An Emerging AppSec Category

April 8, 2021 Mackenzie Jackson | 4 days ago 0

Top Stories

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)
Analytics & Intelligence Application Security AppSec Cyberlaw Cybersecurity Deep Fake and Other Social Engineering Tactics Endpoint Featured Governance, Risk & Compliance Identity & Access Identity and Access Management Incident Response IoT & ICS Security Malware Network Security News Securing the Edge Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)

April 12, 2021 Richi Jennings | 4 hours ago 0
Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’
Analytics & Intelligence Application Security AppSec Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’

April 8, 2021 Richi Jennings | 4 days ago 0
Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL
Analytics & Intelligence Application Security Cybersecurity Data Security Endpoint Featured Identity & Access Malware Mobile Security News Security Boulevard (Original) Spotlight 

Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL

April 5, 2021 Richi Jennings | Apr 05 0

Security Humor

Robert M. Lee's & Jeff Haas' Little Bobby Comics - 'WEEK 324'

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 324’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.