ONI Ransomware Used in Attacks Against Japanese Companies [source: bleepingcomputer]

by CIRT Team

As more and more ransomware outbreaks are discovered, the line has become blurred in whether they are being utilized as a wiper or an actual ransomware. Such is the case with a new ransomware attack called ONI that has been used in targeted month long attacks against Japanese companies.

It all started when security firm Cybereason analyzed some computers that were infected with a ransomware called ONI. This ransomware has been analyzed before, but it was not understood how the ONI victims were being infected. After analysis by Cybereason researchers, it was discovered that the infected computers had also been previously targeted by a spear phishing campaign that installs a RAT, or Remote Access Trojan, on the victim’s computer.

These phishing emails pretend to be receipts that contain a zip attachment with a malicious Word document inside it. When a user opens the document and enables macros, a VBScript script will be launched that downloads and install a copy of the Ammyy Admin RAT onto the infected computer.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping