Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    https://threatpost.com/low-cost-ransomware-service-discovered
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    https://www.helpnetsecurity.com/2017/04/21/ransomware-cost/
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    http://blog.talosintelligence.com/2017/04/locky-returns-necurs.html
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    http://news.softpedia.com/news/near...s-pay-up-to-unlock-their-devices-515189.shtml
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    http://virusguides.com/ransomware-attacks-rise-hackers-focus-educational-healthcare-institutions/
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,516
    Location:
    Texas
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    https://threatpost.com/lack-of-communication-achilles-heel-for-ransomware-fighters
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    New version of the CryptoMix Ransomware Using the Wallet Extension
    https://www.bleepingcomputer.com/ne...ptomix-ransomware-using-the-wallet-extension/
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolution/
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    Of importance to anyone using the Win firewall or a AV product that also optionally allows for Win outbound firewall rules to employed is this "goodie" the latest Cerber variant, Cerber 6, is employing:
    -EDIT- A couple of other "goodies" about Cerber 6:
    Also Cerber 6 can be deployed by creating a scheduled task. Makes me believe it may have "taken a page" from Trickbot's malware playbook and is creating a SID to do so. If this is indeed the case, we definitely have a major Win vulnerability in the wild.
     
    Last edited: May 3, 2017
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    Detailed instructions here: https://decrypter.emsisoft.com/howtos/emsisoft_howto_cry128.pdf
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    The assumption I believe is that somewhere you have a copy of an encrypted file stored offline that you can use. Or for an encrypted .pdf prior download for example, download it from the original source again.

    Also more important is that all traces of the ransomware are removed prior to accessing any offline storage device.
     
    Last edited: May 3, 2017
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    If I wouldn't have unencrypted copy of files I would probably download some file from net and wait till malware encrypts it. I don't know if it would work but that way I could get a pair. If same encryption details were used for both encryption processes, recovery tool would get info to decrypt other files also (for which I don't have an unencrypted pair).
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,516
    Location:
    Texas
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
  19. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    9,305
    Location:
    England
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    In this article is a link to another article on User Behavior Analytics that is worth a read: http://searchsecurity.techtarget.com/definition/user-behavior-analytics-UBA . Notablely the following:
    Something for individuals to ponder before taking the leap into "Next Gen" anti-malware technology.
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    https://www.infosecurity-magazine.com/news/slocker-android-ransomware/
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    RSAUtil Ransomware Distributed via RDP Attacks
    http://www.securityweek.com/rsautil-ransomware-distributed-rdp-attacks
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    http://blog.emsisoft.com/2017/05/11/jaff-ransomware-the-new-locky/
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,516
    Location:
    Texas
    Indicators Associated With WannaCry Ransomware

    Original release date: May 12, 2017 | Last revised: May 13, 2017
    Systems Affected
    Microsoft Windows operating systems
    The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.
    This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,478
    Location:
    U.S.A.
    BTCWare Ransomware Master Key Released, Free Decrypter Available
    https://www.bleepingcomputer.com/ne...master-key-released-free-decrypter-available/
     
Loading...