Microsoft has issued warnings about PonyFinal, a Java based ransomware that has been used by threat actors extensively during the last two months. This type of ransomware is what some are calling “human-operated,” similar to Ryuk, Sodinokibi, and Bitpaymer. Instead of automatically encrypting files on one computer as soon as the malware runs, attackers use remote access tools to manually explore the network and expand their access to as many critical servers as possible before encrypting files across all servers at once and causing the maximum amount of damage. Once its processes are finished it will drop the ransom note titled “README_files.txt” which includes payment instructions. PonyFinal is one of the ransomware varieties believed to be connected to some of the attacks on hospitals during the peak of the COVID-19 pandemic.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in