Beware Of This New Windows 10 Ransomware Threat Hiding In Plain Sight
By Davey Winder – Windows users have become accustomed to warnings related to system updates, such as the recent report of a threat campaign that specifically targets newly updated Windows 10 systems. Now, as picked up by the folk over at Bleeping Computer, it seems that threat actors are using Windows Explorer as part of their ransomware attack process.
A strain of the Mailto (NetWalker) ransomware can inject malicious code right into Windows Explorer, researchers at security solutions company Quick Heal discovered. By using a technique called “process hollowing” to achieve this code injection, the ransomware actors hope to evade detection. Process hollowing is a defense evasion technique that unmaps the memory of a process created in a suspended state and replaces it with malicious code; it is effective against whitelisting and signature-based detection. The researchers found, however, that instead of creating the process in suspended mode, the NetWalker actors create it in debug mode. All of which is bad news, as NetWalker is as nasty as it is sophisticated, targeting home and business Windows users alike. After the ransomware runs its encryption routines, “explorer.exe kills the parent process and deletes the original sample,” the file that has been dropped as well as the RUN entry, the researchers said, “eradicating the traces of its existence.”
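The behaviour described above leaves a sequence a defender can correlate: an explorer.exe instance started by an unexpected parent that then kills that parent and deletes the parent's file and a Run entry. The following is an added example, not code from the article or from Quick Heal; the event schema, field names, the `EXPECTED_PARENTS` allow-list and all sample values are assumptions constructed for illustration.

```python
import ntpath

# Assumption: parents considered normal for explorer.exe here; tune per environment.
EXPECTED_PARENTS = {"userinit.exe", "winlogon.exe", "explorer.exe"}

def find_suspect_explorer(events):
    """Flag explorer.exe started by an unexpected parent and record any
    follow-up cleanup by that explorer.exe instance (kills parent, deletes
    the parent's image, deletes a Run value), as the article describes."""
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] != "create":
            continue
        if ntpath.basename(ev["image"]).lower() != "explorer.exe":
            continue
        parent = ev["parent_image"]
        if ntpath.basename(parent).lower() in EXPECTED_PARENTS:
            continue
        indicators = ["unexpected_parent"]
        for later in events[i + 1:]:
            if later.get("actor_pid") != ev["pid"]:
                continue  # only actions performed by this explorer.exe
            if later["type"] == "terminate" and later["target_pid"] == ev["parent_pid"]:
                indicators.append("killed_parent")
            elif later["type"] == "file_delete" and later["path"].lower() == parent.lower():
                indicators.append("deleted_parent_image")
            elif later["type"] == "reg_delete" and "\\currentversion\\run" in later["key"].lower():
                indicators.append("deleted_run_value")
        findings.append({"pid": ev["pid"], "parent": parent, "indicators": indicators})
    return findings

# Constructed sample telemetry; the schema and all values are made up for this example.
DROPPED = r"C:\Users\alice\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    {"type": "create", "pid": 4000, "image": r"C:\Windows\explorer.exe",
     "parent_pid": 900, "parent_image": r"C:\Windows\System32\userinit.exe"},
    {"type": "create", "pid": 5120, "image": r"C:\Windows\explorer.exe",
     "parent_pid": 5100, "parent_image": DROPPED},
    {"type": "file_delete", "actor_pid": 4000, "path": r"C:\Users\alice\old.txt"},
    {"type": "terminate", "actor_pid": 5120, "target_pid": 5100},
    {"type": "file_delete", "actor_pid": 5120, "path": DROPPED},
    {"type": "reg_delete", "actor_pid": 5120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sample"},
]

if __name__ == "__main__":
    for finding in find_suspect_explorer(SAMPLE_EVENTS):
        print(finding)
```

An unexpected parent alone is a weak signal, since explorer.exe can be launched legitimately by other programs; the combination with the cleanup indicators is what makes the finding worth triaging.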
The recently published FBI Internet Crime Complaint Center (IC3) “Internet Crime Report” revealed that reported cybercrime had cost individuals and businesses a staggering $3.5 billion (£2.7 billion) in 2019. The FBI has been warning anyone who will listen about the high-impact nature of ransomware for months now, yet still we see incidents such as the City of New Orleans, which declared a state of emergency following such an attack, and London-based global foreign currency exchange Travelex suffering massive business disruption courtesy of ransomware actors. That FBI IC3 report showed that ransomware losses were up from $2.4 million (£1.85 million) in 2016 to $8.9 million (£6.8 million) last year.