PonyFinal ransomware infections have been reported in India, Iran and the United States.
Microsoft's security team has warned organizations around the world to take measures to protect against a new type of ransomware that has been around for more than two months.
PonyFinal targets accounts with weak passwords.
PonyFinal is ransomware written in Java. Attackers use it against companies' server systems. Once inside the system, PonyFinal deploys itself; this differs from earlier ransomware attacks, which spread through spam that tricked users into downloading the malware.
Microsoft said it has investigated incidents involving the ransomware. The entry point is usually an account on the company's server system, and PonyFinal has hit accounts with weak passwords hard. Once inside, PonyFinal uses Visual Basic code to launch PowerShell to retrieve data.
The attackers also use a remote control system to avoid backups. Once they have a firm grasp of the target's network, they spread to other nearby systems and deploy PonyFinal there.
Microsoft added that files encrypted by PonyFinal usually have a ".enc" extension, and the payment demand is in a file called README_files.txt.
At present, because of its high level of security, PonyFinal's code has not yet been cracked.
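As an added example (not from the article or from Microsoft), the following Python triage sweep flags directories that contain the two file indicators mentioned above: the ".enc" extension and the README_files.txt note. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article; matching is case-insensitive because
# Windows file systems are.
ENCRYPTED_EXT = ".enc"
RANSOM_NOTE = "readme_files.txt"


def sweep(root):
    """Walk `root` and return one finding per directory that holds the ransom
    note or any .enc file. Unreadable directories are recorded, not fatal."""
    findings, unreadable = [], []
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda e: unreadable.append(e.filename)):
        names = [f.lower() for f in files]
        enc = sum(1 for n in names if n.endswith(ENCRYPTED_EXT))
        note = RANSOM_NOTE in names
        if not (enc or note):
            continue
        findings.append({
            "dir": dirpath,
            "enc_files": enc,
            "total_files": len(files),
            "note_present": note,
            # Note plus .enc files is the pattern the article describes;
            # .enc on its own can be a legitimate file type.
            "severity": "high" if (note and enc) else "review",
        })
    return findings, unreadable


def build_sample_tree(root):
    """Constructed sample data: one hit, one clean share, one ambiguous folder."""
    layout = {
        "share/finance": ["q1.xlsx.enc", "q2.xlsx.enc", "README_files.txt"],
        "share/hr": ["policy.docx", "roster.csv"],
        "tools/backup": ["vault.ENC"],
    }
    for rel, files in layout.items():
        os.makedirs(os.path.join(root, rel))
        for name in files:
            open(os.path.join(root, rel, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in sweep(tmp)[0]:
            print(hit["severity"], hit["dir"], hit["enc_files"], "of", hit["total_files"])
```

Directories rated "review" contain only the extension, so they need a human look before being treated as encrypted by the ransomware.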