
Malware Called Phorpiex Delivers Ransomware With Old School Tactics

Jun 10, 2021 | Blog

If you’re involved with internet security on any level, then you’re probably already familiar with the name Phorpiex. The malicious botnet has been around for years, and the people who control it have taken steps to keep it relevant.

They keep finding new ways to deliver ransomware and other threats, and sometimes they do it by moving in the other direction and going decidedly old school. Recently, this has included adding worm-like functionality so the malware can replicate itself far and wide.

Interestingly, Phorpiex itself came under attack in early 2020, when an unknown attacker hijacked it on the back end and started uninstalling the modules that allowed the botnet to spam out copies of its malicious payload.

According to the security firm Check Point, one of the more common payloads associated with Phorpiex is the Avaddon ransomware. Avaddon is widely used because it is sold as “ransomware as a service,” meaning it gets rented out to other hackers, which lets it infect an even wider range of targets.

As Check Point analysts note:

“Phorpiex is one of the oldest and most persistent botnets, and has been used by its creators for many years to distribute other malware payloads such as GandCrab and Avaddon ransomware, or for sextortion scams.”

In recent months, the botnet has found its way onto Microsoft’s radar. Its controllers have tweaked it so that it modifies Windows registry keys to disable antivirus and firewall popups and override browser settings, which makes the infection harder to notice and stop.

Enterprise customers can block these shenanigans by enabling Tamper Protection in Microsoft Defender for Endpoint, but home users aren’t so lucky.
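The article describes the effect (antivirus and firewall popups silenced, Tamper Protection as the mitigation) without showing how an administrator would check a machine for it. The script below is an added example, not code from the original post or from Check Point or Microsoft. It audits the documented Group Policy registry locations that hide Defender and firewall notifications or disable Defender outright, and reads the Tamper Protection state through the `Get-MpComputerStatus` cmdlet that ships with Windows. It assumes it is run in an elevated PowerShell session on Windows 10 or 11 with the Defender module present; the function name `Get-DefenderTamperFindings` and the `Why` labels are this example's own.

```powershell
# Added example (not from the original post): audit a Windows host for the kinds of
# settings the article says Phorpiex tampers with. Assumes an elevated session on
# Windows 10/11 with the Defender PowerShell module available.

function Get-DefenderTamperFindings {
    $findings = @()

    # Documented Group Policy registry locations. A value of 1 here silences or disables
    # protection; legitimate policy and malware writing the key directly look the same,
    # so every hit should be compared against what your policy is supposed to set.
    $checks = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';
           Name = 'DisableAntiSpyware';
           Why  = 'Defender disabled by policy' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection';
           Name = 'DisableRealtimeMonitoring';
           Why  = 'Real-time protection disabled by policy' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications';
           Name = 'DisableNotifications';
           Why  = 'Windows Security notifications hidden' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile';
           Name = 'DisableNotifications';
           Why  = 'Firewall notifications suppressed (standard profile)' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';
           Name = 'DisableNotifications';
           Why  = 'Firewall notifications suppressed (domain profile)' }
    )

    foreach ($c in $checks) {
        # Missing key or value is the normal, clean state; only a value of 1 is a finding.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($c.Name) -eq 1) {
            $findings += [pscustomobject]@{
                Check  = $c.Why
                Source = "$($c.Path)\$($c.Name)"
                Value  = $item.($c.Name)
            }
        }
    }

    # Tamper Protection is the mitigation the article names. When it is on, Defender
    # ignores attempts to switch itself off through the policy keys checked above.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        if (-not $status.IsTamperProtected) {
            $findings += [pscustomobject]@{
                Check  = 'Tamper Protection is OFF'
                Source = 'Get-MpComputerStatus.IsTamperProtected'
                Value  = $status.IsTamperProtected
            }
        }
        if (-not $status.RealTimeProtectionEnabled) {
            $findings += [pscustomobject]@{
                Check  = 'Real-time protection is OFF'
                Source = 'Get-MpComputerStatus.RealTimeProtectionEnabled'
                Value  = $status.RealTimeProtectionEnabled
            }
        }
    } catch {
        # Defender module absent or service stopped: worth a finding on its own.
        $findings += [pscustomobject]@{
            Check  = 'Defender status unavailable'
            Source = 'Get-MpComputerStatus'
            Value  = $_.Exception.Message
        }
    }

    return $findings
}

$results = Get-DefenderTamperFindings
if (@($results).Count -eq 0) {
    Write-Output 'No tamper indicators found.'
} else {
    $results | Format-Table -AutoSize
}
```

On a managed fleet, run this from your RMM or a scheduled task and treat any row that does not match the policy you actually deployed as something to investigate; on a home machine, the single row that matters most is the Tamper Protection one, since turning it on in the Windows Security app closes the door the article describes.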

Based on Check Point’s statistics, Phorpiex is currently the largest botnet in existence, now that law enforcement has defanged the dreaded Emotet botnet, and researchers have tracked its activity across more than 160 countries, giving it a truly global reach. Stay alert for this one. It’s a legitimate threat that can hit you no matter where you are or where you do business.
