Ransomware Timeline: 2010 – 2017 https://labsblog.f-secure.com/2017/04/18/ransomware-timeline-2010-2017/
New version of the CryptoMix Ransomware Using the Wallet Extension https://www.bleepingcomputer.com/ne...ptomix-ransomware-using-the-wallet-extension/
Of importance to anyone using the Win firewall or an AV product that also optionally allows for Win outbound firewall rules to be employed is this "goodie" the latest Cerber variant, Cerber 6, is employing: -EDIT- A couple of other "goodies" about Cerber 6: Also Cerber 6 can be deployed by creating a scheduled task. Makes me believe it may have "taken a page" from Trickbot's malware playbook and is creating a SID to do so. If this is indeed the case, we definitely have a major Win vulnerability in the wild.
To use this you need an encrypted file as well as an unencrypted one? Where are they supposed to get the unencrypted file?
The assumption, I believe, is that somewhere you have a copy of an encrypted file stored offline that you can use. Or, for an encrypted .pdf from a prior download for example, download it from the original source again. Also, more important is that all traces of the ransomware are removed prior to accessing any offline storage device.
If I didn't have an unencrypted copy of the files, I would probably download some file from the net and wait till the malware encrypts it. I don't know if it would work, but that way I could get a pair. If the same encryption details were used for both encryption processes, the recovery tool would get the info to decrypt other files also (for which I don't have an unencrypted pair).
Yet another Emsisoft Decrypter released, this time for the ransomware Amnesia https://decrypter.emsisoft.com/amnesia
In this article is a link to another article on User Behavior Analytics that is worth a read: http://searchsecurity.techtarget.com/definition/user-behavior-analytics-UBA . Notably the following: Something for individuals to ponder before taking the leap into "Next Gen" anti-malware technology.
RSAUtil Ransomware Distributed via RDP Attacks http://www.securityweek.com/rsautil-ransomware-distributed-rdp-attacks
Indicators Associated With WannaCry Ransomware
Original release date: May 12, 2017 | Last revised: May 13, 2017
Systems Affected: Microsoft Windows operating systems
The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.
This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.
BTCWare Ransomware Master Key Released, Free Decrypter Available https://www.bleepingcomputer.com/ne...master-key-released-free-decrypter-available/