Ransomware and Recent Variants

boredog · Oct 13, 2016

here is a write up from malwarbytes on the hta infections. https://blog.malwarebytes.com/cybercrime/2016/09/surfacing-hta-infections/

itman · Oct 13, 2016

cruelsister said: ↑

In addition to js and wsf coded ransomware there has been an increasing number of hta Locky malware. These are totally independent of wscript but instead will use mshta and rundll32 to execute.
Click to expand...

True. But this recent ransomware uses an obscure wscript.exe suffix.

ronjor · Oct 14, 2016

Researchers Build Configuration Extractor for Locky Ransomware

By Ionut Arghire on October 14, 2016
Researchers from Cisco Talos have created a new tool that allows users to extract the configuration of the Locky ransomware.
Click to expand...

hawki · Oct 14, 2016

"CryPy ransomware encrypts your files with a unique key for each one.."

https://www.neowin.net/news/crypy-ransomware-encrypts-your-files-with-a-unique-key-for-each-one?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+neowin-main+(Neowin+News)

ronjor · Oct 17, 2016

These free ransomware decryption tools have rescued data from 2,500 locked devices

By Steve Ranger | October 17, 2016 -- 12:38 GMT (05:38 PDT)
Decryption tools have cost cyber-crooks more than a million euros in two months by unlocking encrypted devices for free.
Click to expand...

ronjor · Oct 19, 2016

The new .LNK between spam and Locky infection

msft-mmpcOctober 19, 2016
Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors might be using to keep it going.
Click to expand...

lotuseclat79 · Oct 24, 2016

Hacker Lexicon: A Guide to Ransomware, the Scary Hack That’s on the Rise

Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin.
...
And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones.
Click to expand...

-- Tom

ronjor · Nov 4, 2016

Ransomware Attacks Have More Than Doubled In Q3, Says Report

Dark Reading Staff 11/4/2016
Q3 cyber threat study by Kaspersky Lab says ransomware modifications have risen 3.5 times and newer countries are coming under attack.
Click to expand...

Minimalist · Nov 9, 2016

Indiana county government shut down by ransomware to pay up

Madison County, Indiana, suffered a widespread ransomware attack that shut down virtually all county services last week. Over the weekend, the county government leadership decided to pay the ransom demands of the ring running the malware, which has not yet been identified publicly.
Click to expand...

http://arstechnica.com/security/2016/11/indiana-county-government-shut-down-by-ransomware-to-pay-up/

hawki · Nov 10, 2016

"Hospitals Now Seeing 20 Ransomware Attacks Per Day On IT Infrastructure...

...'According to a recent report by Intel Security, the healthcare sector is experiencing over 20 data loss incidents per day related to ransomware attacks...' "

https://www.techdirt.com/articles/20161103/07494035952/hospitals-now-seeing-20-ransomware-attacks-per-day-it-infrastructure.shtml?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+techdirt/feed+(Techdirt)

Minimalist · Nov 10, 2016

Telecrypt ransomware uses Telegram for command and control

Telecrypt, a newly spotted piece of crypto ransomware that uses Telegram’s communication protocol to deliver the decryption key to the crooks, is targeting Russian-speaking users.
Click to expand...

https://www.helpnetsecurity.com/2016/11/10/telecrypt-ransomware-uses-telegram/

ronjor · Nov 10, 2016

Insurance Firm Directs Response in Madison County Ransomware Attack

By Kevin Townsend on November 10, 2016
There is considerable confusion over what actually happened. Fox News called Saturday Nov. 5 as 'Day 4' of the attack and quoted Lisa Cannon, Director of the County's IT Department, as saying that paying the ransom was still 'very much on the table'. "We are in the discretion of the insurance company," she said. "That's a decision they're going to make."
Click to expand...

ronjor · Nov 11, 2016

77 Percent of Ransomware Attacks Successfully Bypass Email Filtering

By Jeff Goldman | Posted November 11, 2016
And 95 percent bypass firewalls, a recent survey found.
Click to expand...

Minimalist · Nov 14, 2016

Crysis ransomware master decryption keys released

The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public.
Click to expand...

https://threatpost.com/crysis-ransomware-master-decryption-keys-released

boredog · Nov 14, 2016

"The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public."

"The survey also found that 95 percent of the attacks bypassed the victims' firewall(s) and 52 percent bypassed anti-malware solutions."

makes the curious cat wonder what kind of antimalware were they using?

ronjor · Nov 15, 2016

OPM-Impersonating Spam Emails Distribute Locky Ransomware

By Ionut Arghire on November 15, 2016
A newly observed spam email campaign appears to be preying on last year’s US Office of Personnel Management (OPM) breach incident to distribute the Locky ransomware, PhishMe researchers warn.
Click to expand...

ronjor · Nov 16, 2016

Fake fax ushers in revival of a ransomware family

msft-mmpcNovember 15, 2016
“Criminal case against you” is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of recipients opening the malicious attachment.

We recently discovered a new threat that uses email messages pretending to be fax messages, but in truth deliver a ransomware downloader. The attachment used in this campaign, “Criminal Case against_You-O00_Canon_DR-C240IUP-4VF.rar”, is password-protected RAR archive file that, when extracted, is a trojan detected as TrojanDownloader:JS/Crimace.A.
Click to expand...

Minimalist · Nov 16, 2016

CryptoLuck Ransomware Emerges

Dubbed CryptoLuck, the new ransomware variant was discovered by "Kafeine", a Proofpoint researcher and maintainer of the Malware don't need Coffee blog. Noteworthy about the malware is that it abuses the legitimate GoogleUpdate.exe executable and leverages DLL hijacking to infect computers, in addition to asking for a 2.1 Bitcoin (around $1,500) ransom to be paid within 72 hours.
Click to expand...

http://www.securityweek.com/cryptoluck-ransomware-emerges

ronjor · Nov 18, 2016

Ransoc Ransomware Blackmails Victims

By Ionut Arghire on November 18, 2016
A newly observed piece of ransomware isn’t targeting files to encrypt as most threats in this category do, but rather scrapes Skype and social media profiles for personal information to encourage victims to pay the ransom
Click to expand...

.

Minimalist · Nov 18, 2016

Encryption ransomware hits record levels

The amount of phishing emails containing a form of ransomware grew to 97.25 percent during the third quarter of 2016 up from 92 percent in Q1.
Click to expand...

https://www.helpnetsecurity.com/2016/11/18/encryption-ransomware-hits-record-levels/

Minimalist · Nov 21, 2016

Locky ransomware spread via SVG images on Facebook Messenger

Researchers have discovered a new hacking campaign leveraging on Facebook Messenger to spread the Locky ransomware via SVG images.
Click to expand...

http://securityaffairs.co/wordpress/53650/malware/svg-images-locky.html

ronjor · Nov 21, 2016

Ransomware Surveys Fill In Scope, Scale of Extortion Epidemic

Terry Sweeney 11/21/2016
Half of all surveyed organizations have been hit with ransomware campaigns in the last year, many more than once
Click to expand...

ronjor · Nov 25, 2016

Cerber 5.0 Ransomware Uses New IP Ranges

By Ionut Arghire on November 25, 2016
The cybercriminals behind the notorious Cerber ransomware family have released three new versions of the malware this week, with the most notable change being the addition of new IP ranges in Cerber 5.0.
Click to expand...

Minimalist · Nov 25, 2016

Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts

According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer. Users who notice the download, and who then access the file, cause malicious code to install "Locky" ransomware onto their computers.
Click to expand...

http://arstechnica.com/security/201...ecoy-image-files-boobytrap-facebook-linkedin/

Minimalist · Nov 29, 2016

Customers of Liechtenstein banks blackmailed by ransomware

Hackers are targeting Liechtenstein banks with ransomware-based attacks. The situation is particularly concerning due to sensitive nature of the data that are stolen by crooks. Cyber criminals, in fact, are allegedly blackmailing customers by threatening to release their account data in case ransoms are not paid by the victims.
Click to expand...

http://securityaffairs.co/wordpress/53891/malware/liechtenstein-banks-ransomware.html

Log in or Sign up

Ransomware and Recent Variants

boredog Registered Member

itman Registered Member

ronjor Global Moderator

hawki Registered Member

ronjor Global Moderator

ronjor Global Moderator

lotuseclat79 Registered Member

ronjor Global Moderator

Minimalist Registered Member

hawki Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

boredog Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Log in or Sign up

Ransomware and Recent Variants

boredog Registered Member

itman Registered Member

ronjor Global Moderator

hawki Registered Member

ronjor Global Moderator

ronjor Global Moderator

lotuseclat79 Registered Member

ronjor Global Moderator

Minimalist Registered Member

hawki Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

boredog Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Useful Searches