The newly discovered JPEG-based ransomware delivery tactic is the latest threat to security solutions.
Based on reports, this sophisticated ransomware delivery method employs standard JPEG image files to bypass conventional AV protections. Moreover, this tactic embeds fully undetectable ransomware payloads in seemingly harmless image files.
The method was discovered while analysing ongoing ransomware campaigns and showcases a notable shift in cybercriminal tactics.
The JPEG-based ransomware attack executes a multi-stage operation.
According to investigations, the JPEG-based ransomware strategy uses a multi-stage deployment approach, hiding malicious intent within trusted file formats such as JPEGs and deceptive documents like PDFs or Word files.
The attack starts once a victim opens a compromised JPEG image. Concealed within the image is a small, obscured script called a lightweight stager that eludes both behavioural and signature-based detection.
Once activated, the stager quietly connects with a remote command-and-control server.
Subsequently, this link allows the attacker to retrieve the primary ransomware payload through encrypted channels, effectively evading network monitoring systems.
Once successfully delivered, the ransomware encrypts the files on the infected device and issues a ransom request, typically demanding payment in cryptocurrency.
A further crucial aspect of this tactic is file pairing: cybercriminals distribute the malicious JPEG alongside a benign-looking document, splitting the ransomware payload between the two files.
This separation allows both files to evade detection, as traditional AV tools are unlikely to recognise them as part of a unified attack.
In response to this finding, the FBI’s Cyber Division has published a security advisory urging organisations and individuals to strengthen their defences.
The agency recommends thoroughly reviewing email security protocols, endpoint protection strategies, and user awareness training programs.
The advisory particularly emphasises the need to integrate heuristic and behavioural analytics into cybersecurity frameworks rather than depending solely on static scanning techniques.
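The heuristic inspection the advisory calls for, applied to the image side of the attack described above, can be illustrated with a small structural check on JPEG files. The script below is an added example written for this article; it is not tooling from the FBI advisory or from any vendor. It assumes two common embedding techniques, which the article does not specify: data appended after the image's EOI marker, and script-like text hidden in COM/APPn metadata segments. The keyword list and the constructed sample images are assumptions chosen for illustration, and the samples are marker skeletons rather than decodable pictures.

```python
"""Heuristic JPEG inspection for hidden payloads: trailing bytes after the EOI
marker and script-like text inside COM/APPn segments. Added, constructed example
for the article, not tooling from the FBI advisory or any vendor; the embedding
techniques it looks for are assumed, common ones."""
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))
# Assumed indicators of embedded script text; tune for your own environment
SCRIPT_HINTS = (b"powershell", b"cmd.exe", b"wscript", b"mshta", b"<script", b"eval(")
# Magic bytes that should never follow a JPEG's EOI marker
TRAILER_MAGIC = {b"MZ": "PE executable", b"PK": "ZIP archive", b"\x7fELF": "ELF executable"}


def parse_jpeg(data: bytes):
    """Walk the marker structure. Returns (segments, end_of_image_offset) where
    segments is a list of (marker, payload, offset). Raises ValueError on
    malformed input, which a scanner should itself treat as suspicious."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    segments, pos = [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            segments.append((marker, b"", pos))
            pos += 2
            if marker == EOI:
                return segments, pos
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        payload = data[pos + 4:pos + 2 + length]
        segments.append((marker, payload, pos))
        pos += 2 + length
        if marker == SOS:
            # Entropy-coded data follows; it ends at the first marker that is
            # neither a stuffed FF00 nor a restart marker RST0-RST7.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker (truncated or malformed)")


def analyse_jpeg(data: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing unusual."""
    findings = []
    segments, end = parse_jpeg(data)
    trailer = data[end:]
    if trailer:
        kind = next((k for m, k in TRAILER_MAGIC.items() if trailer.startswith(m)), "unknown data")
        findings.append(f"{len(trailer)} bytes after EOI ({kind})")
    for marker, payload, off in segments:
        if marker == COM or 0xE0 <= marker <= 0xEF:
            low = payload.lower()
            for hint in SCRIPT_HINTS:
                if hint in low:
                    findings.append(f"script-like text {hint!r} in segment FF{marker:02X} at offset {off}")
    return findings


def build_sample(comment: bytes = b"", trailer: bytes = b"") -> bytes:
    """Constructed minimal JPEG skeleton (not a real decodable image) used to
    exercise the checks above."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    img = b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0
    if comment:
        img += b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    sos = b"\x01\x01\x00\x00\x3f\x00"
    img += b"\xff\xda" + struct.pack(">H", len(sos) + 2) + sos
    img += b"\x12\x34\xff\x00\x56"      # fake scan data with one stuffed FF00
    return img + b"\xff\xd9" + trailer


if __name__ == "__main__":
    for name, sample in [
        ("clean", build_sample()),
        ("appended-exe", build_sample(trailer=b"MZ" + b"\x90" * 64)),
        ("script-comment", build_sample(comment=b"PowerShell <stager placeholder>")),
    ]:
        print(name, analyse_jpeg(sample) or "ok")
```

A check like this belongs alongside, not instead of, the behavioural monitoring the advisory recommends: it catches the structural oddities a stager leaves in the file, while outbound connections from an image viewer or document reader to an unexpected host remain the stronger signal once the stager runs.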
This tactic signifies a crucial turning point in the battle against ransomware. With commonplace file formats now posing as possible delivery methods for malware, ensuring organisational resilience requires vigilance and adaptive security measures.
