Items tagged with Ransomware
Just when we thought things had cooled down a bit in the botnet space, we're getting word of a new outbreak that it affecting PC users in the United States. Virobot has multi-pronged attack vector, and can not only place a victim's computer into a zombie botnet, but it also has a ransomware component. According to Trend Micro, it first discovered evidence of Virobot on September 17th, and found that it is similar in some respects to Locky. Once Virobot has found a willing host, it will then scan the registry to see if it has the go-ahead to begin encrypting files. If the coast is clear, it...
Read more...
Researchers have discovered a new strain of malware for Android devices that combines different styles of attack into a single package. Called MysteryBot, the new malware hits victims with a banking Trojan, keylogger, and ransomware in one fell swoop. The good news here is that the cybercriminals responsible for MysteryBot are still developing it, and it does not appear to be spreading in the wild at the moment. However, that could change at any time. Initially, the researchers thought they were looking at a revised version of LokiBot, a banking Trojan that targets Android devices. But upon closer...
Read more...
Normally when you think about ransomware you think about something clearly malicious such as Petya and others. You could get your files back if infected with Petya, but the hackers wanted $300 in bitcoin to do it. A new kind of ransomware, however, is making the rounds and this variant is based on the game PUBG (Player Unknown's Battlegrounds), of all things. PUBG is a battle royale style game that is played online in large multiplayer formats, and all this PUBG Ransomware wants you to do is play the game for an hour. Not so bad, right? Well, it is still ransomware. The ransomware...
Read more...
We are only months removed from the massive WannaCry cyberattack that hit hundreds of thousands of computers in over 150 countries, crippling some hospitals in the United Kingdom. WannaCry became an overnight global scare after spreading far and wide within the first few hours. Up until now, it was not clear where exactly the worm originated. According to the Trump administration, North Korea is to blame, just as security outfit Symantec suspected months ago. In an op-ed piece published in The Wall Street Journal, homeland security adviser Thomas P. Bossert publicly attributed the massive WannaCry...
Read more...
The largest spam botnet in the world has a new trick up its sleeve, prompting security outfit Check Point to place it back in its list of the top ten most prevalent malwares. Called Necurs, the botnet dished up more than 12 million emails in a single morning during the Thanksgiving holiday. What makes it even more annoying, however, is that hackers have added the relatively new Scarab ransomware to the botnet's list of dirty tricks. "The re-emergence of the Necurs botnet highlights how malware that may seem to be fading away, doesn’t always disappear or become any less of a threat. Despite...
Read more...
WannaCry Ransomware Attack That Crippled UK Hospitals Could Have Been Avoided With Basic IT Security
You might think that the massive number of security breaches that have happened in recent years would push corporate giants and medical facilities out there to take a look at their own security and ensure that their networks are protected. We are only a few months removed from the massive attack that breached Equifax and leaked the information on 143 million Americans into the wild. Now the UK's National Audit Office (NAO) is giving a postmortem following the WannaCry ransomware attacks that hit several hospitals in the country.The ensuing investigation found incredibly lax security protecting...
Read more...
Microsoft has found a way to fight back against the growing threat of ransomware, a devious type of malware that encrypts files and folders on a victim's PC and then demands a ransom—oftentimes in Bitcoin due to its anonymity—in exchange for unlocking the user's data. Some ransomware strains even come with a timer, after which the encrypted data is permanently deleted. A new feature in Windows 10 helps prevent all that from happening. One of the things Microsoft included in the recently released Fall Creators Update is a feature called "Controlled folder access." When enabled, this feature prevents...
Read more...
This has been a bad year for wide-scale ransomware attacks, where malware encrypt a user's computer and demands payment to unlock the machine. The two major ransomware attacks that have happened in 2017 include WannaCry and ExPetr (or Petya and NotPetya as they were also called). The hackers behind WannaCry cashed out their bitcoin ransom in August netting about $143,000. The year is almost over, but another major ransomware attack is underway and it is called Bad Rabbit. Kaspersky says that Bad Rabbit has infected several major Russian media outlets with Interfax and Fontanka.ru news agencies...
Read more...
Cybercriminals have developed a new form of Android ransomware that gives victims added incentive to pay up. In addition to scrambling the user's data with an AES encryption algorithm, the new ransomware replaces an infected device's personal identification number (PIN) with one that is randomly generated, effectively locking the rightful owner out. One the ransom is paid, the attacker can remotely reset the PIN and unlock the device. ESET, a security firm that offers antivirus solutions for both desktop and mobile devices, discovered the new ransomware and dubbed it DoubleLocker, since it locks...
Read more...
TrendMicro has published a report that claims that a "sizable" spam campaign is underway and other than just having a bunch of unwanted email to contend with, the spam campaign is also pushing ransomware. The spam campaign is said to be distributing the latest variant of Locky, which is the ransomware that invaded LinkedIn back in November of last year via bogus leads. The security firm says that it has looked at samples of these recent spam campaigns and has found that criminals are using some sophisticated distribution methods to affect users in over 70 countries. Along...
Read more...
Cyber crooks have found a new way to ruin a person's day with ransomware. Traditionally most ransomware encrypts a victim's storage device and then demands a ransom in order to unlock the files. Some of the nastier versions will put a time limit on receiving payment before the ransomware starts permanently deleting files. Now there is version making the rounds that not only encrypts a victim's files, it steals Bitcoin wallets as well.The new variant of the Cerber ransomware takes a dual approach to extracting fund from a victim. It searches for one of three Bitcoin wallet applications, those being...
Read more...
Here's something you don't see too often: a ransomware creator unearthing the master decryption key for public consumption. That's exactly what we're seeing from Petya's original developer, allowing those affected by certain versions of Petya to recover their data, and developers the ability to create decrypters to make the entire process that much easier. Unfortunately, there are a number of major caveats here. The biggest one is the fact that most of those affected by these specific versions of Petya dealt with it last year, not recently. It stands to reason that many of those folks did not clone...
Read more...
Over the past few years, one of the most prevalent types of malware has been ransomware - an infection that automatically locks down your sensitive data, and then makes you buy it back with your hard-earned cash. In May, one of the hardest-hitting ransomware strikes occurred, via the appropriately named WannaCry. Now, that's "old" news; today, the major threat is Petya, another piece of ransomware. Or is it? That's the big question. As we covered a couple of times this week, Petya is designated as ransomware that seems to be mostly striking computers in Europe. If infected, the user is told to...
Read more...
There are no days off in Redmond, at least not for Microsoft. Hot on the heels of dealing with the WannaCry ransomware outbreak, Microsoft has now addressed reports of a new ransomware making the rounds, one that shares similar code with Petya, a nasty piece of ransomware in and of itself. What makes this new strain so dangerous is that it is capable of spreading across networks like a worm. This new ransomware is more sophisticated than the original Petya outbreak. According to Microsoft, the initial strain seems to originate from a Ukrainian company that builds a pierce of accounting software...
Read more...
