December 21, 2018 By David Bisson 2 min read

Researchers spotted two Satan variants targeting organizations in the financial sector with Monero miners and ransomware.

The first variant of the malware, which security solutions provider NSFOCUS spotted in early November, targets Linux and Windows systems and spreads by exploiting various application vulnerabilities. After establishing a foothold into a system, the virus simply propagates itself further without causing additional damage.

A few weeks later, NSFOCUS came across a second variant of Satan that is also capable of self-propagation via Windows and Linux platforms. But unlike the first sample, this variant is drops ransomware that encrypts local files and appends “.lucky” to filenames of affected assets. It also installs the XMRig Monero miner on infected machines.

The Evolution of Satan

First reported on by Bleeping Computer in January 2017, Satan entered the digital threat landscape as a ransomware-as-a-service (RaaS). Its operators have since updated its capabilities to expand its reach. In April, Blaze’s Security Blog reported that a Satan variant had abused the EternalBlue exploit to spread across vulnerable systems. 360 Total Security later observed that the threat had added two new system vulnerabilities to its arsenal.

Satan’s evolution is emblematic of ransomware’s ongoing prominence as a digital threat. Europol went so far as to call ransomware “the key malware threat in both law enforcement and industry reporting” given the surge in targeted campaigns and attackers’ preference for ransomware over banking Trojans in financially motivated malware attacks.

How to Defend Against Satan Variants

Security professionals can help defend the organizations against Satan variants by patching software vigilantly and regularly. Investing in endpoint management technology can also help security teams gain visibility into users and devices and keep ransomware off the network proactively.

Finally, organizations should implement an antivirus solution that is compatible with the Anti Malware Scanning Interface (AMSI) to protect their networks from Monero miners and other cryptocurrency-related threats.

Sources: NSFOCUS, Bleeping Computer, Blaze’s Security Blog, 360 Total Security, Europol

More from

ONCD releases request for information: Open-source software security

3 min read - Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open-source software can be tricky. With so many different people working on the coding, security measures are often overlooked, increasing the chances that a vulnerability will fall through the cracks and be exploited. The Open-Source Software Security Initiative (OS31) aims to provide governance over open-source security processes. After the Log4Shell vulnerability, securing open-source software became a top priority for the federal…

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today