TechRadar
A lone-wolf researcher has turned the table on the hackers
By Sead Fadilpašić,
2022-05-04
A researcher going by the name hyp3rlinx has discovered that some of the most popular ransomware strains, such as Conti, REvil and LockBit, among many others, carry a flaw that makes them vulnerable to DLL hijacking.
By exploiting the flaw, the researcher was able to stop the ransomware from doing the one thing it exists to do: encrypting files.
As reported by BleepingComputer, DLL hijacking is usually used to inject malicious code into legitimate applications. For these ransomware strains, however, the researcher turned the technique against the malware itself, created a proof of concept, and recorded a demo video showing how it's done.
DLL hijacking exploits how applications search for and load Dynamic Link Library (DLL) files. A program that does not sufficiently validate the libraries it loads can pick up a DLL from a path outside its own directory, essentially elevating privileges and allowing arbitrary code execution.
In this case, the researcher wrote custom code and compiled it into a DLL with a name the ransomware expects to load. It is also important, the researcher stresses, that the DLL is placed in a location where ransomware operators usually drop and run their malware, such as a network location holding key data.
That would kill the ransomware in its inception.
What makes this method even more deadly is the fact that it can't be classified as a security solution, and as such, cannot be bypassed in the way ransomware strains usually bypass antivirus and other cybersecurity solutions.
The big question is - how long will this mitigation measure last? Ransomware operators often update and upgrade their products, and if this is a newly discovered flaw, it’s probably only a matter of time before it gets patched up.
Unfortunately, ransomware operators are quite fast and diligent, and we can expect the hole to be plugged sooner, rather than later.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.