September 21, 2017 By Bill Brenner
Ransomware is a blunt instrument that wants your money and doesn’t usually care if it leaves footprints behind.
So when SophosLabs researchers analyzed a sample of the BitPaymer ransomware family, they were surprised to see it using a malware coding trick that you don’t see very often – one that makes it harder to figure out how the attack unfolded after the event.
While that may sound like cold comfort if your files have just been scrambled, it makes it harder to warn the next victim what to look out for.
This sample uses a feature of the Windows file system called alternate data streams (ADS) so that the malware is less obvious while running.
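The following Python example is added here and is not taken from the article or from the SophosLabs analysis. It flags process image paths that name a non-default NTFS stream, using the Windows `file:stream:$TYPE` path syntax. The event records are constructed, the function names are hypothetical, and it assumes process-creation telemetry records the full image path including any stream suffix.

```python
import re

# Optional \\?\ or \\.\ device prefix followed by a drive letter and its colon.
_DRIVE = re.compile(r'^(\\\\[?.]\\)?[A-Za-z]:')

def split_stream(path):
    """Split a Windows path into (file_path, stream_name, stream_type)."""
    p = path.strip().strip('"').replace("/", "\\")
    prefix = ""
    m = _DRIVE.match(p)
    if m:  # the drive-letter colon is not a stream separator
        prefix, p = p[:m.end()], p[m.end():]
    head, sep, leaf = p.rpartition("\\")  # only the last component can name a stream
    parts = leaf.split(":")
    stream = parts[1] if len(parts) > 1 else ""
    stype = parts[2] if len(parts) > 2 else ""
    return prefix + head + sep + parts[0], stream, stype

def find_ads_execution(events):
    """Return events whose image path names a non-default data stream."""
    hits = []
    for ev in events:
        file_path, stream, stype = split_stream(ev["image"])
        # "file::$DATA" is the ordinary unnamed stream, so require a stream name.
        if stream and stype.upper() in ("", "$DATA"):
            hits.append({"pid": ev["pid"], "host_file": file_path, "stream": stream})
    return hits

# Constructed sample records (not from the article or any real incident).
SAMPLE_EVENTS = [
    {"pid": 604, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4120, "image": r"C:\Users\Public\notes.txt:update.exe"},
    {"pid": 4188, "image": r'"C:\ProgramData\report.docx::$DATA"'},
    {"pid": 4312, "image": r"\\?\D:\Temp\log.dat:helper.exe:$DATA"},
]

if __name__ == "__main__":
    for hit in find_ads_execution(SAMPLE_EVENTS):
        print(hit)
```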
