Ransomware and Recent Variants

mantra · Sep 6, 2016

wat0114 said: ↑

No of course it's not the only way. Don't open unknown email attachments. That in itself is a really good start.
Click to expand...

hi
I guess we we need a good hips

ronjor · Sep 6, 2016

Cry Ransomware Uses UDP, Imgur, Google Maps

by Chris Brook September 6, 2016 , 2:40 pm
Ransomware purporting to come from a phony government agency, something called the Central Security Treatment Organization, has been making the rounds, researchers say.
Click to expand...

wat0114 · Sep 6, 2016

Yet another good reason to set UAC to highest level:

In case if UAC level is set to default (or lower), Cerber can bypass it silently. However, in case if it is set to the highest, the following alert pops up:

https://blog.malwarebytes.com/wp-content/uploads/2016/03/uac_notification-1.png

It keeps reappearing till the user click “Yes”:
Click to expand...

-https://blog.malwarebytes.com/threat-analysis/2016/03/cerber-ransomware-new-but-mature/

ronjor · Sep 8, 2016

The cost of ransomware attacks: $1 billion this year

By Danny Palmer | September 8, 2016 -- 11:46 GMT (04:46 PDT)
And it's only the beginning, with file locking malware only set to grow and take larger role in cybercrime, warn researchers.
Click to expand...

Minimalist · Sep 19, 2016

HDDCryptor Ransomware Locks Hard-Drive Boot Records

Researchers have spotted a new ransomware family that attacks a hard drive's MBR (Master Boot Record) and prevents PCs from booting up after encrypting their files.
Click to expand...

http://news.softpedia.com/news/hddcryptor-ransomware-locks-hard-drive-boot-records-508427.shtml

Minimalist · Sep 19, 2016

Crysis Ransomware Employing RDP Brute-Force Attacks in New Campaign

Security researchers say they've discovered a new Crysis ransomware distribution campaign that uses RDP brute-force attacks to compromise the computers of businesses in Australia and New Zealand.
Click to expand...

http://news.softpedia.com/news/crys...te-force-attacks-in-new-campaign-508444.shtml

Minimalist · Sep 24, 2016

MarsJoke Ransomware Targets the Government and K-12 Educational Sector

Crooks are targeting government and educational institutions with a new ransomware family named MarsJoke (or JokeFromMars), discovered in late August, but which came to life this week through a massive email spam wave.
Click to expand...

http://news.softpedia.com/news/mars...ment-and-k-12-educational-sector-508608.shtml

ronjor · Sep 27, 2016

Virlock ransomware can now use the cloud to spread, say researchers

By Danny Palmer | September 27, 2016 -- 13:00 GMT (06:00 PDT)

New strain of this two year old ransomware takes advantage of users syncing and sharing to spread infected files through the network
Click to expand...

Minimalist · Sep 27, 2016

New Open Source Linux Ransomware Divides Infosec Community

CryptoTrooper, an open source kit for building Linux ransomware, has divided the infosec community right down the middle.
Click to expand...

http://news.softpedia.com/news/new-...e-shows-infosec-community-divide-508669.shtml

Minimalist · Sep 28, 2016

Unlock92 Ransomware Is the Quiet Threat That Nobody Heard About

A ransomware variant that appeared in early July this year and was initially cracked and decrypted has quietly resurfaced in mid-August and has been spamming users ever since, with a determination seen only in the market's top ransomware families.
Click to expand...

http://news.softpedia.com/news/unlo...t-threat-that-nobody-heard-about-508742.shtml

ronjor · Sep 29, 2016

These ransomware tricks fool the most hardened security pro

Ryan Francis (CSO (US)) on 30 September, 2016
Cybercriminals use these methods to pull the wool over unsuspecting victims.
Click to expand...

stapp · Sep 29, 2016

Princess Locker Ransomware

we bring you Princess Locker; the ransomware only royalty could love
Click to expand...

http://www.bleepingcomputer.com/new...oyal-highness-the-princess-locker-ransomware/

Minimalist · Sep 29, 2016

Bitter Ransomware Operator Shuts Down Service and Deletes Decryption Master Key

After law enforcement seized servers belonging to Encryptor RaaS, a Ransomware-as-a-Service cyber-crime portal, the site's operators decided to close it down for good over the summer and deleted the master decryption key that would have allowed victims to recover their files.
Click to expand...

http://news.softpedia.com/news/bitt...nd-deletes-decryption-master-key-508796.shtml

Victek · Sep 29, 2016

Minimalist said: ↑

Bitter Ransomware Operator Shuts Down Service and Deletes Decryption Master Key

http://news.softpedia.com/news/bitt...nd-deletes-decryption-master-key-508796.shtml
Click to expand...

It would be nice to know if criminal charges were brought against this character.

ronjor · Sep 30, 2016

Ransomware spreads through weak remote desktop credentials

By Lucian Constantin IDG News Service | Sep 30, 2016 6:22 AM PT
A new ransomware program in Brazil uses RDP brute-force attacks to infect hospitals
Click to expand...

Minimalist · Oct 1, 2016

Locky Drops Offline Mode and Switches to New ODIN Extension

Locky, one of today's most dangerous and prevalent ransomware families, next to Cerber and CryptXXX, has gone through yet another update, this time dropping its support for offline mode and adding a new extension for encrypted files.
Click to expand...

http://news.softpedia.com/news/lock...d-switches-to-new-odin-extension-508840.shtml

Minimalist · Oct 3, 2016

Researchers break Marsjoke ransomware encryption

Victims infected with the MarsJoke ransomware can decrypt their files after researchers last week cracked the encryption in the CTB-Locker lookalike.
Click to expand...

https://threatpost.com/researchers-break-marsjoke-ransomware-encryption

Minimalist · Oct 4, 2016

How Stampado Ransomware Analysis Led To Yara Improvements

Some time ago, I was asked by a colleague to develop a set of Yara rules to detect samples of the Stampado ransomware family. (Yara is an open-source tool used by security researchers to spot and categorize malware samples according to a set of defined rules.)
Click to expand...

http://blog.trendmicro.com/trendlab...do-ransomware-analysis-led-yara-improvements/

ronjor · Oct 6, 2016

WildFire Ransomware Revived as "Hades Locker"

By Ionut Arghire on October 06, 2016

The actor behind WildFire, a piece of ransomware that emerged earlier this year, has decided to rebrand the malware after security researchers created a decryption tool for it.
Click to expand...

Minimalist · Oct 6, 2016

New Cerber ransomware variant kills common database-related processes

A new variant of the Cerber ransomware kills common database-related processes like those of the MySQL, Oracle and Microsoft SQL servers to encrypt files.
Click to expand...

http://securityaffairs.co/wordpress/51956/malware/new-cerber-ransomware.html

Minimalist · Oct 10, 2016

The fall of the Encryptor RaaS also thanks to Shodan

Law enforcement and security experts have dismantled the Encryptor RaaS architecture by localizing one of its servers with Shodan.
Click to expand...

http://securityaffairs.co/wordpress/52061/malware/encryptor-raas-fall.html

ronjor · Oct 11, 2016

DXXD Ransomware Encrypts Files on Unmapped Network Shares

By Ionut Arghire on October 11, 2016
A new ransomware family has emerged that targets servers and encrypts files on network shares even if they haven’t been mapped to the infected computer.
Click to expand...

ronjor · Oct 13, 2016

This is the newest tactic cybercriminals are using to deliver ransomware

By Danny Palmer | October 13, 2016 -- 11:15 GMT (04:15 PDT)
Cybersecurity researchers have spotted a surge in ransomware emails containing a type of file which isn't blocked by many providers.
Click to expand...

itman · Oct 13, 2016

ronjor said: ↑

This is the newest tactic cybercriminals are using to deliver ransomware
Click to expand...

Anyone who has disabled wscript.exe or is monitoring its execution is covered from this puppy.

cruelsister · Oct 13, 2016

In addition to js and wsf coded ransomware there has been an increasing number of hta Locky malware. These are totally independent of wscript but instead will use mshta and rundll32 to execute.

Log in or Sign up

Ransomware and Recent Variants

mantra Registered Member

ronjor Global Moderator

wat0114 Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

stapp Global Moderator

Minimalist Registered Member

Victek Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

itman Registered Member

cruelsister Registered Member

Log in or Sign up

Ransomware and Recent Variants

mantra Registered Member

ronjor Global Moderator

wat0114 Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

stapp Global Moderator

Minimalist Registered Member

Victek Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

itman Registered Member

cruelsister Registered Member

Useful Searches