Collaborate Disseminate
An article by me for ESET, sparked off by a conversation with Kevin Townsend, in the wake of research commissioned by Malwarebytes, on the pros and cons of paying to get your data back after a ransomware attack. Read more here: Ransomware: To pay or not to pay? David Harley ESET Senior Research Fellow Continue reading Ransomware: Paying v. Not Paying
As I’m a little busy elsewhere right now, this is just a roundup of links: Trend Micro: New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files Check Point: CerberRing: An In-Depth Exposé on Cerber Ransomware-as-a-Service. Download the report from here, if you don’t mind sharing your contact details. David Bisson for Graham Cluley’s […] Continue reading Ransomware Links/Articles Roundup
For once, an article about Hitler that doesn’t invoke Godwin’s law… The Register’s John Leyden describes how Hitler ‘ransomware’ offers to sell you back access to your files – but just deletes them: Sloppy code is more risible than Reich, though. I don’t suppose this gang will finish its career in a bunker in Berlin, but I’d like to […] Continue reading Hitler Ransomware
Lengthy description/analysis of an interesting Android ransomware threat from McAfee: ‘Cat-Loving’ Mobile Ransomware Operates With Control Panel. I look forward to hearing commentary from Grumpy Cat. There is, however, no truth in rumours of a German language version known as BlackForestGato. David Harley Continue reading Android/Ransom.ElGato
At this year’s Def Con, Andrew Tierney and Ken Munro demonstrated how they created full-blown ransomware to take control of an unnamed brand of smart thermostat ‘and lock the user out until they paid up.’ Thermostat Ransomware: a lesson in IoT security. They observe that ‘Our intention was to draw attention to the poor state […] Continue reading Thermostat Hacking – a Hot Topic
Today’s second look at a link between tech support scams and ransomware is a bit more tenuous. In fact, it deals with a support scammer who was caught unaware by ransomware. After helping his parents out with a scam website that had tried to trick them into thinking their system had been compromised by the […] Continue reading Ivan Kwiatkowski on Scamming the Support Scammer
It’s been a while since I’ve had occasion to talk about the issues that sometimes link tech support scams and ransomware, but now a couple of relevant items have come along more or less simultaneously. First, let’s look at the malware Symantec calls Trojan.Ransomlock.AT. Symantec describes ‘a new ransomware variant that pretends to originate from […] Continue reading Ransomlock.AT: ransomware meets support scams
Testing lab SE Labs has been testing anti-malware programs in order to evaluate their effectiveness against ransomware: Anti-malware vs. ransomware: latest reports There are reports covering products intended for large businesses/enterprises, small-to-medium businesses, and home users/consumers. I haven’t looked at them in detail yet, but I expect them to be up to Simon Edwards’ usual high […] Continue reading SE Labs tests products against ransomware
Paul Ducklin describes in some detail the rising tide of ransomware arriving by email attachment in the form of a .LNK file, and how this bit of trickery works: Beware of ransomware hiding in shortcuts. It’s by no means a new approach to distributing malware, but evidently still successful, not least because ‘LNK files don’t follow the View file […] Continue reading Ransomware: the (Unfortunately Not) Missing .LNK
Paul Ducklin describes in some detail the rising tide of ransomware arriving by email attachment in the form of a .LNK file, and how this bit of trickery works: Beware of ransomware hiding in shortcuts. It’s by no means a new approach to distributing malware, but evidently still successful, not least because ‘LNK files don’t follow the View file […] Continue reading Ransomware: the (Unfortunately Not) Missing .LNK