Shamoon 2 May Get a Ransomware Feature and StoneDrill Hides in Memory

This is a good read from DarkReading. In summary, Shamoon was Sha-sleep for quite Shum time (You see what I did there, right?) but returned last year to harass some folks in the Middle East. It is typically deployed as data wiping malware, but it seems as if the developer realized that there can be money in adding a ransomware feature in version 2.  While it’s not in the wild yet, it’s a lesson that malware devs are starting to see the value in coding a ransomware option in to what they are already distributing.

Also, StoneDrill is injecting itself into the memory process of the user’s browser and doing a good job of ducking under sandbox radars. It appears to share code with NewsBeef and/or Charming Kitten APTs which are generally affiliated with Iranian State-Sanctioned options. Currently these are still focused on the Middle East, but it appears at least one European org has been infected with it.


Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in InfoSec

Leave a Reply