So we have moved from extortion to blackmail. Next will be actual physical threats. Capture the SOBs and try them as terrorists. Send them to Guantanamo Bay as enemy combantants and water board them once a day for the next 5 years.
that was an 1800's saying now it would have to be revised as every 5 seconds today. Peter you are dating yourself now.
Great Cerber ransomware analysis here: https://blog.avast.com/misconfigure...are-targets-users-in-europe-and-north-america Classic process hollowing with all code run from memory: Let’s have a look at the downloaded .exe file. The structure shows that we are dealing with a NSIS Installer. Archive programs like 7-zip can open this archive and once opened we see a list of files in the archive. https://blog.avast.com/hs-fs/hubfs/Cerber/image3.png?t=1484345632120&width=466&height=147&name=image3.png As you can see from the list above, there are a few small decoy images, one dll library and one binary file called “Dontknow.tz”. The dll file has a functionality of a classic injector. It creates a suspended process, unmaps its executable section, allocates new memory block at the same address, writes the unpacked malware binary in the newly created process and executes it.
CryptoSearch Lets Users Move Ransomware-Encrypted Files http://www.securityweek.com/cryptosearch-lets-users-move-ransomware-encrypted-files
Spora ransomware goes freemium with four different payment options https://nakedsecurity.sophos.com/20...freemium-with-four-different-payment-options/
In regards to those in the camp that users blindly click yes to UAC prompts, here's a new ransomware that is betting its payload on that fact: https://www.bleepingcomputer.com/ne...gearing-up-for-possible-greater-distribution/
If this puppy hasn't convinced anyone of the need to do full image backups, nothing will. A bit more detail in this Malwarebytes article: https://blog.malwarebytes.com/threa...ers-comeback-including-recovery-instructions/
As if real ransomware wasn't enough of a problem, there is "fake" ransomware that appears to be quite successful in getting its victims to pay up: https://www.infosecurity-magazine.com/news/uk-firms-warned-of-fake-ransomware/
Of note: Another group which we have found in another large organization did not use any ransomware at all. They encrypted data manually. To do this they choose important files on a server and move it into a password protected archive.
