RAUM is a new tool for the production, distribution and monitoring of malicious torrent files.
These files either contain or link to malware, with payloads including the CryptXXX ransomware, Dridex banking trojan and Pony password stealer.
It is a highly automated commercial tool that operates on a pay-per-install model and uses a network of physical and virtual servers, along with compromised user accounts, to distribute the files. RAUM’s creators are proactive in circulating the software and adding new capabilities to it.
Sufficient protection should be provided by blocking access to torrent services and directing users to download files and software only from trusted sources.
To prevent and detect a trojan infection, ensure that:
- A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
- All operating systems, antivirus and other security products are kept up to date.
- Regular full system antivirus scans are performed across the estate.
- All day-to-day computer activities, such as email and internet use, are performed using non-administrative accounts.
- Network, proxy and firewall logs are monitored for suspicious activity.
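
One way to act on the torrent-blocking and log-monitoring advice above, as an added example that is not part of the original advisory: a Python script that flags torrent-related requests in web proxy logs. The log format and the sample lines are constructed assumptions, and the checks identify torrent activity in general, not RAUM specifically.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in an assumed proxy log format:
# timestamp client_ip method url status content_type
SAMPLE_LOG = """\
2016-09-20T09:14:02Z 10.0.4.17 GET http://files.example.net/setup/office_suite.torrent 200 application/x-bittorrent
2016-09-20T09:14:09Z 10.0.4.17 GET http://tracker.example.org:6969/announce?info_hash=%12%34&peer_id=-XX0001-&port=6881 200 text/plain
2016-09-20T09:15:30Z 10.0.4.22 GET http://intranet.example.com/docs/torrent-policy.html 200 text/html
2016-09-20T09:16:41Z 10.0.4.31 GET http://cdn.example.net/download?id=991 200 application/x-bittorrent
malformed line
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")

def classify(url, content_type):
    """Return the list of torrent indicators matched by one request."""
    parts = urlsplit(url)
    reasons = []
    if parts.path.lower().endswith(".torrent"):
        reasons.append("torrent-file-extension")
    if content_type.lower().split(";")[0] == "application/x-bittorrent":
        reasons.append("bittorrent-mime-type")
    # HTTP tracker announces carry an info_hash query parameter.
    if parts.path.lower().endswith("/announce") and "info_hash=" in parts.query:
        reasons.append("tracker-announce")
    return reasons

def scan(log_text):
    """Map client IP -> [(timestamp, url, reasons)]; also count unparsable lines."""
    hits, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # surface parse failures instead of hiding them
            continue
        ts, client, _method, url, _status, ctype = m.groups()
        reasons = classify(url, ctype)
        if reasons:
            hits[client].append((ts, url, reasons))
    return dict(hits), skipped

if __name__ == "__main__":
    hits, skipped = scan(SAMPLE_LOG)
    for client, events in sorted(hits.items()):
        for ts, url, reasons in events:
            print(f"{ts} {client} {','.join(reasons)} {url}")
    print(f"unparsable lines skipped: {skipped}")
```

HTTPS downloads without TLS inspection and peer-to-peer traffic that never crosses the proxy will not appear in such logs, so blocking torrent services at the firewall remains the primary control.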