Please DO NOT copy-paste from other sources. Answer will be checked for plagiarism. Thank you!!!
Question: Using a Web browser, perform some research on a newer malware variant that has been reported by a major malware containment vendor. Using a search engine, go to the vendor’s Web site; this could be Symantec, McAfee, or any of their competitors. Visit one malware prevention software vendor. Search for the newest malware variants and pick one. Note its name and try to understand how it works. Now look for information about that same malware from at least one other vendor. Were you able to see this malware at both vendors? If so, are there any differences in how they are reported between the two vendors?
Newer Malware Variant -
1) LIST OF COMPUTER SECURITY COMPANIES - (by Google search results)
Malwarebytes, ESET, McAfee, Webroot, Kaspersky, Panda Security, Symantec etc.
2) Search for the newest malware variants -
links -
"https://www.mcafee.com/enterprise/en-in/threat-center.html"
"https://www.symantec.com/security-center/threats"
3) Malware name and its working -
Ryuk - Ransomware - "https://www.mcafee.com/enterprise/en-in/threat-center/threat-landscape-dashboard/ransomware-details.ryuk-ransomware.html"
WORKING - The ransomware uses AES and RSA encryption and demands between 15 and 50 Bitcoin for the decryption key. The malicious software kills hundreds of processes and services and encrypts not only local drives but also network drives. The attacks are reported to be targeted at organizations that are capable of paying the large ransom demanded. Variants found in mid-2019 will not infect the system if the computer's IP address or computer name is part of a blacklist.
Now at Symantec -
Name - Ransom.Ryuk - "https://www.symantec.com/security-center/writeup/2019-051315-1353-99?om_rssid=sr-latestthreats30days"
Description - Ransom.Ryuk is a Trojan horse that encrypts files on the compromised computer and demands a payment to decrypt them. The Trojan ends processes and services related to antivirus, database, backup, and document editing software.
Differences in how they are reported -
Both websites indicate what the malware does, i.e. it compromises the system and demands money, just in a different manner.
On the McAfee website, they have specified the sources that reported attacks by the malware, with links to all the reports giving detailed information on them.
On the Symantec website, they have given a short description and a detailed technical description of how the malware actually works. Further, they have given recommendations to adhere to best practices.
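Both vendor descriptions above say Ryuk ends antivirus, database and backup services before encrypting, which a defender can watch for as a burst of service stops on one host. The following is an added example, not part of the original answer or either vendor's report; the log format, sample records, window and threshold are constructed assumptions, and event ID 7036 is the Windows Service Control Manager service-state event.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry):
# time, host, event ID, service name, new state.
SAMPLE_LOG = """\
2019-06-01T02:14:01 FS01 7036 WinDefend stopped
2019-06-01T02:14:02 FS01 7036 MSSQLSERVER stopped
2019-06-01T02:14:02 FS01 7036 SQLWriter stopped
2019-06-01T02:14:03 FS01 7036 VSS stopped
2019-06-01T02:14:04 FS01 7036 wbengine stopped
2019-06-01T02:14:30 FS01 7036 WinDefend stopped
2019-06-01T09:00:00 WS07 7036 Spooler stopped
2019-06-01T09:00:05 WS07 7036 Spooler running
2019-06-01T13:30:00 WS07 7036 VSS stopped
"""

def parse(line):
    """Split one record into (timestamp, host, event_id, service, state)."""
    ts, host, event_id, service, state = line.split()
    return datetime.fromisoformat(ts), host, int(event_id), service, state

def find_stop_bursts(log_text, window_seconds=60, min_services=5):
    """Return {host: sorted service names} for hosts where at least
    min_services distinct services stopped within window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # host -> (timestamp, service) pairs still in the window
    flagged = {}
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, host, event_id, service, state in events:
        if event_id != 7036 or state != "stopped":
            continue  # only service-stop records matter here
        q = recent[host]
        q.append((ts, service))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop stops that fell out of the sliding window
        distinct = {s for _, s in q}
        if len(distinct) >= min_services:
            flagged.setdefault(host, set()).update(distinct)
    return {h: sorted(s) for h, s in flagged.items()}

if __name__ == "__main__":
    for host, services in find_stop_bursts(SAMPLE_LOG).items():
        print(f"{host}: {len(services)} services stopped in one window: {services}")
```

The threshold of five is kept low so the constructed sample triggers it; in practice it would be tuned against the normal rate of service stops during patching and maintenance.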