New ransomware campaign encrypts files even if the ransom is paid

Nearly 50 Linux and Windows servers have been affected by these attacks. Ransomware attacks became popular (for the worst reasons) in a short span of time. News about attacks such as WannaCry, Petya and NotPetya preceded a substantial increase in the number of small campaigns using similar techniques to extort unsuspecting Internet users. Recently, ethical hacking researchers have disclosed the […]

Locky ransomware campaign launched 20M attacks in a single day

Another ‘aggressive’ Locky ransomware campaign launched with 20 million attacks in a single day. Barracuda Advanced Technology Group (BATG) has identified an ‘aggressive’ Locky ransomware threat that launched about 20 million attacks on the very first day, and the campaign seemingly has only just started. On Tuesday BATG stated that it was ‘actively monitoring an […]

Locky ransomware campaign exploits fears of data stolen in OPM hack

Emails tell victims they need to download an attachment to view “suspicious activity” – then infect them with ransomware. In the immediate aftermath of a major data breach, cybercriminals will often look to take advantage of the situation by sending phishing emails warning people their credentials aren’t safe and that they must log in through a […]

New ransomware campaign pilfers passwords before encrypting gigabytes of data

Surreptitious attacks often prey on people visiting legitimate sites. A new wave of crypto ransomware is hitting Windows users courtesy of poorly secured websites. Those sites are infected with Angler, the off-the-shelf, hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack. The latest round is especially nasty because before encryption, […]

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. “The attacker intends to utilize a victim’s resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency,” Fortinet FortiGuard Labs researcher Cara […]

Iranian hackers use ransomware to hide espionage campaign targeting Israel

Cybersecurity specialists report detecting a hacking group operating from Iran that has deployed multiple attacks and cyber espionage campaigns against Israeli organizations while posing as a ransomware operation. This hacker group was identified as Agrius and has reportedly been launching attacks since late last year. Amitai Ben Shushan Ehrlich, researcher at security firm SentinelOne, says: […]

Hackers Launching Ransomware and CryptoMiner via Love_You MalSpam Campaign

The worst alliance of ransomware and the CryptoMiner family went on a spreading spree in early January 2019. Malware Spam or MalSpam is the term used to designate malware that is delivered via email messages. Malicious spam (MalSpam) using zipped JavaScript (.js) files as email attachments is a well-established tactic used by cybercriminals to distribute malware. The […]

SamSam Ransomware Campaigns Highly Active in 2018 and Heavily Targets Organizations

SamSam ransomware campaigns continue to launch attacks against organizations in various sectors, including the Government, Healthcare and Industrial control sectors. Unlike other ransomware, SamSam tries to exploit critical vulnerabilities in the target organization's network instead of using the widespread spam approach that other ransomware families use to compromise targets. The SamSam ransomware group behind […]

Hackers Launching GandCrab Ransomware via New Fallout Exploit Kit using Malvertising Campaign

Cybercriminals are now using the new Fallout Exploit Kit to launch GandCrab ransomware via a malvertising campaign that targets many victims around the world. This malvertising campaign mainly affected users in Japan, Korea, the Middle East, Southern Europe, the Asia Pacific region and other countries. Along with this exploit kit, there are additional domains, regions, and payloads associated with the campaign […]

Attackers profited more than $300,000 with new SamSam Ransomware Campaign

The evolution of the SamSam ransomware campaign continues, this time with a new variant, but there is no difference in the encryption mechanism compared to old variants. The new variant adds some string obfuscation and anti-analysis techniques to make detection difficult. The SamSam ransomware campaign is targeting multiple industries including Government, Healthcare, ICS and also the individuals […]

Facebook and LinkedIn Spam Campaign Spreads Locky Ransomware

An ongoing spam campaign is using boobytrapped image files to download and infect users with the Locky ransomware, Israeli security firm Check Point reports. Malware authors are spreading malicious image files via these two platforms. When users detect the automatic download, if they access the malformed image, malicious code will install the Locky ransomware on […]

CryptFile2 Ransomware Returns in High Volume URL Campaigns

Proofpoint researchers originally discovered the CryptFile2 ransomware in March [1]. At the time, it was spreading via exploit kits (EKs); however, beginning on August 3, 2016, we detected the first large-scale email campaign distributing CryptFile2, allowing a degree of targeting not generally possible with EKs. This ongoing campaign appears to be targeting primarily state and […]

Major Exploit Kit Campaign Switches from CryptXXX Ransomware Back to Locky

By mid-July 2016, the Afraidgate campaign stopped distributing CryptXXX ransomware. It is now distributing the “.zepto” variant of Locky. Afraidgate has been using Neutrino exploit kit (EK) to distribute malware after Angler EK disappeared in early June 2016. As we previously reported, this campaign continues to utilize gate domains using name servers from afraid.org. Changing […]

Intense Nemucod Malware Campaign Spreads Teslacrypt Ransomware

TeslaCrypt ransomware infections continue to surge. We reported last week about the first signs of a new TeslaCrypt ransomware campaign that was slowly starting to shape up. Now, after only a few days have gone by, it appears that initial reports are correct, and we are in the midst of a large-scale TeslaCrypt attack. As initially […]

Infostealers, Exploit Kits & Ransomware, Just Your Typical Malware Campaign

A look inside your typical malware campaign. In an optimal scenario, when you get infected with malware, you think it’s only one virus. Unfortunately, in the real world it’s not so, and security analysts from Heimdal Security have unveiled details about a malware campaign that starts with infostealers, goes through exploit kits, and finishes with computers […]