This is key as it indicates that while the ransomware was the issue this was running in the background....LSADump which was programmed into the malware this indicating that hackers were in actual control of the malware attack.....
Effects
Lsadump is a hacking tool. These tools, even though they are not by nature viruses, are considered as dangerous to victims of attacks.
Means of transmission
Lsadump does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
Further Details
Lsadump has the following additional characteristics:
It is written in the programming language Visual C++ 6.
It is 32768 bytes in size.
I am still puzzled though by the Kaspersky statement yesterday that defines this malware as something new...
They also stated that it was a complex attack using multiple attack vectors...meaning different attack methods and directions BUT that their anti viral detector picked it up under a generic filter......
Which is strange that a generic detector was available to detect a not previously seen in the wild totally new strain that they were not aware of....that comment in itself is unusual even for Kaspersky.
Also sitting outside of the malware attack zone they were quick to state and stated early before much was known at the time ...a complex attack from multiple attack vectors......