Browsing tag

ransomware

Infected with Amnesia ransomware? It’s time to Decrypt your files

Amnesia ransomware was found by xXToffeeXx and is developed in the Delphi programming language. It encrypts up to the first 1 MB of each file using AES-256 encryption in ECB mode. Once the files are locked this way, the malware appends the “.amnesia” extension to them. Victims are forced to pay ransom to unlock […]

How to fight against ransomware?

Ransomware is computer malware that installs covertly on a victim’s device (e.g., computer, smartphone, wearable device). It’s an exploit in which the attacker encrypts the victim’s data and requests payment for the decryption key. This kind of malware forces the victims to pay the hacker through online payment methods in order to grant access to […]

Ransomware hidden inside a Word document that’s hidden inside a PDF

SophosLabs has discovered a new spam campaign where ransomware is downloaded and run by a macro hidden inside a Word document that is in turn nested within a PDF, like a Russian matryoshka doll. The ransomware in this case appears to be a variant of Locky. Most antivirus filters know how to recognize suspicious macros in documents, but […]

The Locky Ransomware is Back and Still Adding OSIRIS to Encrypted Files

After an almost non-existent presence in 2017 and a few weeks off, Locky is back with a fresh wave of SPAM emails containing malicious docs. While it is not known what caused Locky’s hiatus, if they plan on pushing the ransomware like they previously did, then we all need to pay close attention. Locky Distributed Through […]

AES-NI Ransomware Dev Claims He’s Using Shadow Brokers Exploits

The developer of the AES-NI ransomware claims that the recent “success” he’s been enjoying is due to the NSA exploits leaked last week by the Shadow Brokers group. In a series of tweets he posted online, the AES-NI author alleges he successfully used ETERNALBLUE, an exploit targeting the SMBv2 protocol, to infect Windows servers across […]

LOW-COST RANSOMWARE SERVICE DISCOVERED

A new ransomware as a service (RaaS) called Karmen has been discovered by security researchers at Recorded Future. This service allows anyone, including novices, to set up an account and customize their own ransomware campaign. The Karmen RaaS costs $175 and lets buyers set ransom prices, determine how long to give victims to pay and offers multiple […]

Google strengthens its defence against Ransomware attacks on Android

Ransomware for Android, or any mobile platform, has been generally uncommon. The risk has mostly been confined to Windows desktops, where it has flourished with fast development cycles of new features and capabilities. At the recent Kaspersky Lab Security Analyst Summit, Google pulled back the curtain on how it has curtailed ransomware on Android with […]

Mole Ransomware Distributed Through Fake online Word Docs

A new ransomware called Mole was found by security researcher Brad Duncan while he was analyzing a new SPAM campaign. After examining this sample, I feel that this is probably another variant of the CryptoMix family as it has many similarities to the Revenge and CryptoShield variants. As a note, in this article I will be referring to this infection as the […]

15 New Tools Available To Decrypt Ransomware

No More Ransom makes tools available for free to decrypt ransomware. Launched less than a year ago, the No More Ransom (NMR) project has extended its capacity with new partners and new decryption tools added to its now global campaign to decrypt ransomware. It began as a joint initiative by Europol, the Dutch national […]

Matrix Ransomware Spreads to Other PCs Using Malicious Shortcuts

Brad Duncan, a Threat Intelligence Analyst for Palo Alto Networks Unit 42, has recently started seeing the EITest campaign use the RIG exploit kit to distribute the Matrix ransomware. While Matrix has been out for quite some time, it was never a major player in terms of widespread distribution. Now […]

Ransomware Gang Made Over $100,000 by Exploiting Apache Struts Zero-Day

For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending on whether the machine is running Linux or Windows. For their attacks, the groups are using a zero-day in Apache Struts, disclosed and immediately fixed […]

LMAOxUS Ransomware: Another Case of Weaponized Open Source Ransomware

An Indian developer is playing around with an open source ransomware builder, which in the long run may end up causing serious problems for innocent users. This developer, who goes by the nickname of Empinel and claims to be based in Mumbai, has forked the open source code of the EDA2 project, and with the […]

Skype Users Hit By Fake Flash Player Download Malware Scam

A few days ago Skype users noticed that the instant messaging service served malware masquerading as a fake Flash Player update. Several users reported this incident on Twitter and Reddit and explained that they noticed an ad which was prompting them to download a malicious file disguised as “Flash player.” Wow not bad, got this in […]

Skype users hit by ransomware through in-app malicious ads

Several users have complained about “fake Flash” ads, which if triggered, can lead to a ransomware attack. Several users have complained that ads served through Microsoft’s Skype app are serving malicious downloads, which if opened, can trigger ransomware. News of the issue came from a Reddit thread on Wednesday, in which the original poster said […]

New Android ransomware proves why antivirus software are a joke

A new ransomware app has been spotted in the wild, which could easily bypass your mobile anti-virus allowing the app to lock your device. As per reports, the app is currently targeting Russian users, and so far hundreds of Android users have been victimized. Cyber-security firm Zscaler first spotted the vicious code in the app […]

Researchers Disclose Vulnerabilities in GIGABYTE BRIX Systems

Earlier this month, we teased a proof of concept for UEFI ransomware, which was presented at RSA Conference 2017. The HackingTeam, Snowden, Shadow Brokers, and Vault7 leaks have revealed that UEFI/BIOS implants aren’t just a theoretical concept, but have actually been weaponized by nation states to conduct cyber-espionage. Physical access requirements are a thing of […]

Sanctions Ransomware Makes Fun of USA Sanctions Against Russia

If you want to know what some ransomware developers think about the USA, you can get a good idea from the ransom note of the Sanctions Ransomware that was released in March. Dubbed Sanctions Ransomware due to the image in the ransom note, the developer makes it fairly obvious how they feel about the USA and their attempts […]

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

Apple fixes flaw attackers used to trick uninformed users into paying a fine. Ransomware scammers have been exploiting a flaw in Apple’s Mobile Safari browser in a campaign to extort fees from uninformed users. The scammers particularly target those who viewed porn or other controversial content. Apple patched the vulnerability on Monday with the release […]

New LLTP Ransomware Appears to be a Rewritten Venus Locker

A new ransomware called LLTP Ransomware or LLTP Locker, which targets Spanish-speaking victims, was discovered today by MalwareHunterTeam. On a closer look, this ransomware appears to be a rewritten version of the VenusLocker ransomware. In summary, the LLTP Ransomware has the ability to work in online or offline mode. So regardless of whether there is a connection to […]

The Polski-Vortex-Flotera Ransomware Connection

A malware author that loves Polish hip hop music appears to be behind the Polski, Vortex, and Flotera (spelled Ŧl๏tєгค) ransomware families that have made a small number of victims between January and March this year. All three ransomware families are related, and one evolved from the other. First on the scene was the Polski […]

Revenge Ransomware, a CryptoMix Variant, Being Distributed by RIG Exploit Kit

A new CryptoMix, or CryptFile2, variant called Revenge has been discovered by Broad Analysis that is being distributed via the RIG exploit kit. This variant contains many similarities to its predecessor CryptoShield, which is another CryptoMix variant, but includes some minor changes that are described below. As a note, in this article I will be referring to this […]