Project Sauron Malware Infected Some Victims For Five Years

Aug 10, 2016

Project Sauron Malware Infected Some Victims For Five Years

BY Chris Brunau

Cybersecurity Ransomware

One malware to rule them all? An advanced form of malware known as Project Sauron has recently been uncovered. The malware code contains references to Sauron, the antagonist in The Lord of the Rings trilogy. According to researchers, the malware went undetected for five years at various companies.

According to Kaspersky, Sauron is hard to detect thanks to its ability to disguise itself in various ways, making it difficult to track and predict. The report notes the attackers understand what researchers are looking for, and are removing those recognizable warning signs, making it difficult to uncover.

The hacking group, known as Strider (another Lord of the Rings reference), has carried out cyber attacks on more than 30 organizations in Russia, Iran, and Rwanda. The attackers run a command to start the malware by modifying existing software deployment scripts. Once started on the target computers under a network administrator account, the installer connects to the hard-coded internal or external IP address and downloads the payload from there. The malware can steal files, track keystrokes, and use back-door access to compromise computers. Sauron also relies on infected USB drives to access computers that aren’t connected to the internet.

To learn more about Project Sauron and how you can protect yourself, check out Kaspersky’s report. For even more content on all things ransomware, including how to recognize and protect from some of the most common forms, download our eBook: The Business Guide To Ransomware.

Subscribe to the Blog