
PonyFinal Ransomware

Posted: May 28, 2020

The PonyFinal Ransomware is a file-locking Trojan that prevents documents and other files from opening on your computer as part of a ransoming scheme. It typically reaches a system through the hands-on intervention of the threat actor, who brute-forces weak passwords on exposed servers or exploits unpatched software. Windows users can protect their files with backups on other devices, robust login credential choices, and the usual anti-malware products, which should delete the PonyFinal Ransomware on sight.

Criminals Demanding an Extravagant Pony Up

Strength isn't necessarily about numbers, whether in real warfare or its digital equivalent. A new file-locking Trojan, seemingly active for about two months in 2020, is asking for extraordinarily costly ransoms, even by the standards of the enterprise-grade entities it targets. In its business strategy, the PonyFinal Ransomware has much in common with Snatch Ransomware, and it differs even more sharply from a traditional Ransomware-as-a-Service (RaaS) campaign.

A single threat actor deploys the PonyFinal Ransomware itself, rather than renting it out to third parties, and targets selected victims worldwide, including businesses in India, the Middle East, and North America. The introduction is manual: the criminals first break into a system by brute-forcing passwords or exploiting software vulnerabilities, then extend their control over the rest of the network, and only then deploy the PonyFinal Ransomware, mainly on workstations that already have Java installed.

The PonyFinal Ransomware is unusual in depending on Java, which explains the preference for those workstations, although the threat actor also may install the Java Runtime Environment (JRE) manually. Its payload is the most unremarkable element: it securely encrypts files so that they can't open, appends an 'enc' extension (a symptom it shares with many more mainstream Trojans), and creates a ransom message. Businesses are facing enormous demands for unlocking their files: up to three hundred Bitcoins, or nearly three million USD at the time of writing, in some cases.
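The appended 'enc' extension is the one file-system indicator the description above gives, and it is cheap to check for. The script below is an added example, not code from this write-up or from the PonyFinal operators: it walks a directory tree and reports folders where most files end in '.enc' while still carrying their original extension (the 'report.docx.enc' pattern), which separates a mass rename from a single stray '.enc' file. The share layout, directory names and file names are constructed in a temporary directory purely for the demo.

```python
"""Flag directories whose files have had an extension such as '.enc' appended.

Added example, not code from the PonyFinal write-up or its authors.  The only
indicator it relies on is the one the text gives: documents renamed with an
extra 'enc' extension (report.docx -> report.docx.enc).  The share layout below
is constructed in a temporary directory so the script runs offline; the
directory and file names are invented for the demo.
"""
import os
import tempfile
from pathlib import Path


def scan_for_appended_extension(root, ext=".enc", min_ratio=0.5):
    """Walk `root` and, per directory, count regular files that end in `ext`
    AND still carry an earlier extension (the 'appended' pattern).  Return
    {directory: (matching, total, up_to_three_examples)} for directories where
    the matching share is at least `min_ratio`.  The ratio keeps a single
    stray '.enc' file (an openssl output, say) from raising an alert while a
    folder where most documents were renamed does.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if not files:
            continue
        matching = [
            f for f in files
            if f.lower().endswith(ext) and len(Path(f).suffixes) >= 2
        ]
        if matching and len(matching) / len(files) >= min_ratio:
            hits[dirpath] = (len(matching), len(files), sorted(matching)[:3])
    return hits


def build_constructed_tree(base):
    """Create a tiny fake file share: one folder mostly renamed, one untouched."""
    hit = Path(base, "finance")
    hit.mkdir()
    for name in ("q1.xlsx.enc", "q2.xlsx.enc", "budget.docx.enc", "README.txt"):
        (hit / name).write_bytes(b"constructed sample content")
    clean = Path(base, "public")
    clean.mkdir()
    # 'archive.enc' has no earlier extension, so it must not count as a rename.
    for name in ("index.html", "logo.png", "notes.txt", "archive.enc"):
        (clean / name).write_bytes(b"constructed sample content")


def run_demo():
    """Build the constructed tree, scan it and return {relative_dir: (matching, total)}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        hits = scan_for_appended_extension(tmp)
        return {os.path.relpath(d, tmp): (n, total) for d, (n, total, _) in hits.items()}


if __name__ == "__main__":
    for directory, (n, total) in run_demo().items():
        print(f"{directory}: {n} of {total} files carry an appended .enc extension")
```

Pointed at a real share, the same function would be run with the share's root as `root`; the 50% threshold and the double-extension requirement are assumptions chosen for this demo and can be tightened if a share legitimately stores many '.enc' archives.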

By contrast, the average Ransomware-as-a-Service campaign asks for under one thousand dollars.

Fending Off the Feral Pony That's Best Left to Starve

The requirement for Java's presence might seem like a weakness, but in the context of the PonyFinal Ransomware's standard deployment it provides little protection. The responsible threat actor handles installation hands-on, and beforehand brings in extras such as a tool for bypassing event logging and PowerShell-based data collection. By the time the PonyFinal Ransomware runs, users should assume that the attacker has compromised the entire network.

The linchpin of any file-locking Trojan assault, no matter how sophisticated, is the presence or absence of a secure backup. A backup stored where the attacker can't reach it offers a dependable (and, obviously, cheaper) path to recovering data, regardless of the circumstances. Malware experts also suggest checking all passwords for appropriate strength, which will shore up a network's defenses against brute-force and dictionary attacks.
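Strong passwords blunt brute-force and dictionary attacks; noticing the attack while it is still failing is the other half. The script below is an added example, not code from this write-up or from the PonyFinal operators: it groups failed-logon records by source address, counts failures inside a sliding time window, and labels a noisy source as a brute force (many guesses against few accounts) or a password spray (one guess each against many accounts). The records are constructed to carry the three fields of a Windows Security event 4625 (failed logon) that matter here; wiring in real events from a SIEM export or Get-WinEvent is left to the reader, and the addresses and account names are invented for the demo.

```python
"""Flag brute-force and password-spray patterns in failed-logon records.

Added example, not code from the PonyFinal write-up or its authors.  The
records below are constructed to carry the three fields a Windows Security
event 4625 (failed logon) exposes that matter here: time, target account and
source address.  Feeding it real events (a SIEM export, or Get-WinEvent output
mapped to the same dict shape) is left to the reader; the addresses come from
documentation ranges and the account names are invented for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def detect_logon_abuse(events, window=timedelta(minutes=10), threshold=10, spray_accounts=8):
    """Group failed logons by source address and flag any source whose failures
    inside a sliding window of `window` reach `threshold`.  A flagged source that
    tried at least `spray_accounts` distinct accounts is labelled a password
    spray (one guess across many users); otherwise a brute force (many guesses
    against few users).  Returns {source: {"kind", "peak_in_window", "accounts"}}.
    Thresholds are assumptions for the demo; tune them to the environment.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append((datetime.fromisoformat(ev["time"]), ev["user"]))

    findings = {}
    for src, attempts in by_src.items():
        attempts.sort()
        times = [t for t, _ in attempts]
        peak, start = 0, 0
        for end in range(len(times)):          # two-pointer sliding window
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        accounts = sorted({u for _, u in attempts})
        kind = "password_spray" if len(accounts) >= spray_accounts else "brute_force"
        findings[src] = {"kind": kind, "peak_in_window": peak, "accounts": accounts}
    return findings


def constructed_events():
    """Constructed sample: one host hammering 'administrator', one host trying a
    dozen accounts once each, and one user who mistyped a password twice."""
    base = datetime(2020, 5, 1, 2, 0, 0)
    events = []
    for i in range(30):                        # 30 failures in two minutes
        events.append({"time": (base + timedelta(seconds=4 * i)).isoformat(),
                       "user": "administrator", "src": "203.0.113.7"})
    for i in range(12):                        # 12 accounts, one failure each
        events.append({"time": (base + timedelta(seconds=25 * i)).isoformat(),
                       "user": f"user{i:02d}", "src": "198.51.100.9"})
    for i in range(2):                         # benign: two typos, a minute apart
        events.append({"time": (base + timedelta(minutes=i)).isoformat(),
                       "user": "jsmith", "src": "192.0.2.5"})
    return events


if __name__ == "__main__":
    for src, info in detect_logon_abuse(constructed_events()).items():
        print(f"{src}: {info['kind']} ({info['peak_in_window']} failures in window, "
              f"{len(info['accounts'])} accounts)")
```

Keying on the source address rather than the account is what makes the spray visible: per account, each of those twelve failures is a single, unremarkable event.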

Users can update their anti-malware products to raise detection rates for the latest threats, like the PonyFinal Ransomware. Deleting the PonyFinal Ransomware is, however, only a small part of the work needed to regain a secure internal network; the attacker's access to that network also has to be cut off.

The greatest danger of the PonyFinal Ransomware is that it might get the payout it seeks so brashly. With such a payday awaiting, it doesn't take many 'customers' to turn crimes like this one into a recurring model.
