MAFIA ransomware targeting users in Korea

A new ransomware family was discovered by MalwareHunterTeam, which we’ll call MAFIA due to the extension it uses to encrypt files. The ransomware appears to target users in Korea, and may have been developed with at least knowledge of the Korean langua…

RedEye ransomware: there’s more than meets the eye

A rather anonymous account reached out to me on Twitter asking to check out a “scary & really nasty” sample.
It turned out to be RedEye ransomware, a new strain or variant by the same creator of Annabelle ransomware, which I discovered in February …

PSCrypt ransomware: back in business

PSCrypt is ransomware first discovered last year, in 2017, targeting users and organisations alike in Ukraine, and the malware itself is based on GlobeImposter (“GI”) ransomware.
I’ve written about PSCrypt in the past, when it was distributed via Cryst…

Vietnamese ransomware wants you to add credit to a mobile phone

In this quick blog post we’ll have a look at BKRansomware, a Vietnamese ransomware that wants you to top up its phone.
Analysis
This ransomware is named “BKRansomware” based on the file name and debug path. Properties:

MD5: 892da86e60236c5aaf26e5025af0…

Ransomnix ransomware variant encrypts websites

Ransomnix is a (likely Jigsaw) ransomware variant that holds websites for ransom, and encrypts any files associated with the website.
This ransomware was discovered in the second half of 2018, and there’s a brief write-up by Amigo-A here as well: …

Satan ransomware adds EternalBlue exploit

Today, MalwareHunterTeam reached out to me about a possible new variant of Satan ransomware.
Satan ransomware itself has been around since January 2017 as reported by Bleeping Computer.
In this blog post we’ll analyse a new version of th…

This is Spartacus: new ransomware on the block

In this blog post, we’ll analyse Spartacus, one of many new ransomware families popping up in 2018.
Analysis
This instance of Spartacus ransomware has the following properties:
MD5: 25dee2e70c931f3fa832a5b189117ce8
SHA1: a01294ffd541229718948e17f791694e…

CryptoWire ransomware not dead

CryptoWire is an “open-source” ransomware based on the AutoIT scripting language, and has been around since 2016. For some background, read the following post on Bleeping Computer: “Proof of Concept” CryptoWire Ransomware Spawns Lomix and UltraLocker Fa…

Maktub ransomware: possibly rebranded as Iron

In this post, we’ll take a quick look at a possible new ransomware variant, which appears to be the latest version of Maktub ransomware, also known as Maktub Locker.
Hasherazade from Malwarebytes has written an excellent blog on Maktub in the past: Mak…

Fake Steam Desktop Authenticator steals account details

In this blog post, we’ll have a quick look at fake versions of Steam Desktop Authenticator (SDA), which is a “desktop implementation of Steam’s mobile authenticator app”.
Lava from SteamRep brought to my attention a fake version of SDA floa…