Browsing tag

ransomware

Satana Bootkit Encrypts your files and then locks you out of Windows

A new ransomware called Satana was discovered by Malwarebytes security researcher S!Ri that packs a two-in-one punch. When installed, the Satana Ransomware will encrypt your files using a standard file crypter and then also install a bootlocker to prevent you from logging into Windows. This bootlocker will display immediately before Windows starts and require a password before it will allow a […]

Meet Jigsaw, the ransomware that taunts victims and offers live support

As data-encrypting malware proliferates, new entrants search for ways to stand out. The crypto ransomware racket is a booming business that generates lots of revenue, so it only makes sense that the scourge is growing. And with new titles entering the market on almost a weekly basis, how do the criminals behind them make their malware […]

Why Ransomware Works: Tactics and Routines Beyond Encryption

How do companies regardless of size and industry prepare for ransomware attacks? A recent study revealed that businesses are considering saving up Bitcoins, just in case they get hit by these threats and can recover their confidential files in a short span of time.  While we don’t recommend succumbing to the ransom payment as it doesn’t […]

Ransomware dominates the threat landscape

Ransomware! Ransom Software! Encrypting Ransomware! AHHH! No doubt the last year exposed you to this term numerous times and I doubt any of it was in reference to a good event. So, you might wonder why you have been hearing about it so much. Truth be told, Ransomware has been a pain in the side of […]

CryptXXX Ransomware Learns the Samba, Other New Tricks With Version 3.100

Proofpoint researchers have been tracking the rapid development of CryptXXX since they first discovered the ransomware in April [1]. In mid-May, the first major CryptXXX update temporarily broke the decryption tool available from our colleagues at Kaspersky Labs and locked the screens of infected PCs, making it harder to access the file systems [3]. Last […]

HACKERS FIND BUGS, EXTORT RANSOM AND CALL IT A PUBLIC SERVICE

Crooks breaking into enterprise networks are holding data they steal for ransom under the guise they are doing the company a favor by exposing a flaw. The criminal act is described as bug poaching by IBM researchers and is becoming a growing new threat to businesses vulnerable to attacks. According to IBM’s X-Force researchers, the […]

DMA Locker 4.0 – Known Ransomware Preparing For A Massive Distribution

From the beginning of this year, we are observing rapid development of DMA Locker. First, the threat was too primitive to even treat it seriously. Then it evolved to more complex but still decryptable ransomware. The 3.0 edition was very similar to the previous one that we described, so we skipped posting about its details (the […]

4 Ways to Protect Against the Very Real Threat of Ransomware

RANSOMWARE IS A multi-million-dollar crime operation that strikes everyone from hospitals to police departments to online casinos. It’s such a profitable scheme that experts say traditional cyberthieves are abandoning their old ways of making money—stealing credit card numbers and bank account credentials—in favor of ransomware. But now that lawmakers on Capitol Hill are in the […]

Bucbi Ransomware Is Back With a Ukrainian Makeover

The Bucbi ransomware family, which dates back to early 2014, has received a significant update. In a recently observed attack, we also noted new tactics used to infect systems. The malware has historically been delivered via an HTTP download, most likely via an exploit kit or phishing email. However, in recent weeks, Palo Alto Networks […]

AlphaLocker Is the Most Professional Ransomware Kit to Date

…but security researchers already cracked it. According to security experts from Cylance, in the underground world of ransomware peddlers, there’s no ransomware kit better than AlphaLocker, sold by a Russian malware coder for around $65. Luckily for us, other security experts have already cracked its secrets over the past weekend, and a decrypter was published […]

Ransomware is now the biggest cybersecurity threat

Simple attacks plus user willingness to pay ransoms to get their files back means ransomware is on the rise, warn Kaspersky researchers. Ransomware has replaced advanced persistent threat (APT) network attacks as the most problematic cyberthreat — and early indications suggest that they’ll be the main problem for 2016 as a whole, cybersecurity researchers from […]

“I’m with Stupid” Locky network gets hacked and dissed

A few months ago, we reported on a white hack against Dridex where the malicious payload was removed and an Avira antivirus downloader added. It seems that a very successful Locky ransomware distribution network has been the victim of a similar attack by a white hacker. Locky is a ransomware that encrypts the files and […]

New CryptMix Ransomware Promises to Give Money to a Children’s Charity

CryptMix is a mashup of CryptXXX and CryptoWall. A new type of ransomware created and distributed by a group of crooks calling themselves the Charity Team is trying to encourage users to pay the ransom note by promising to give some of the money to a children’s charity organization. Researchers from Heimdal Security claim the ransomware […]

BWL Electric and Water Utility shut down by ransomware

The Lansing Board of Water & Light (BWL) utility has had to shut down systems, phone lines in response to a ransomware-based attack. Another ransomware attack against a critical infrastructure is in […]

Ransomware Explosion Continues: CryptFlle2, BrLock and MM Locker Discovered

Ransomware makes headlines when hospitals are taken offline or police departments pay cybercriminals to decrypt their files. Established threat actors have also begun distributing ransomware in high volumes (as with Locky) and through exploit kits (à la CryptXXX), further raising the profile of ransomware in the security and business communities. However, an even bigger story […]

Toy Maker Maisto Unwittingly Serves Up CryptXXX Ransomware

The website of popular American brand Maisto, known for miniature and radio-controlled toy vehicles, was caught pushing the Angler exploit kit eventually leading to ransomware infections. According to website security company Sucuri, maisto[.]com is running on a Microsoft IIS server and showing an outdated version of the Joomla Content Management System, therefore exposing itself to automated hacks. Malicious code was […]

Regsvr32 can be used to install Ransomware through Jscript Installers

A security researcher named Casey Smith published an article last week where he detailed how the Windows Regsvr32.exe command could be used to bypass AppLocker restrictions. In this article he described a not commonly known feature where Regsvr32 can execute specially crafted scripts on a remote host using a URL. These scripts are XML files that contain embedded Jscript or VBScript scripts that […]

TrueCrypter Ransomware accepts payment in Bitcoins or Amazon Gift Card

Yesterday, a new ransomware called TrueCrypter was discovered by AVG malware analyst Jakub Kroustek. This ransomware encrypts your data using AES-256 encryption and then demands either .2 bitcoins or $115 USD in Amazon gift cards. When encrypting your data, TrueCrypter will append the .enc extension to all encrypted files. It is unclear whether the sample that we […]

Active drive-by exploits critical Android bugs, care of Hacking Team

Hostile JavaScript delivered through ads installs ransomware on older Android phones. An ongoing drive-by attack is forcing ransomware onto Android smartphones by exploiting critical vulnerabilities in older versions of Google’s mobile operating system still in use by millions of people, according to research scheduled to be published Monday. The attack combines exploits for at least two […]

The 7ev3n-HONE$T ransomware encrypts and renames your files to R5A

A security researcher named Mosh has discovered a new variant of the 7ev3n Ransomware, which has rebranded itself as 7ev3n-HONE$T. This ransomware will encrypt your data and then ransom your files for approximately $400 USD in bitcoins. It is currently unknown how it is being distributed or what encryption type it uses. Unfortunately, there is no way to […]