Fantom Ransomware: Windows Update Disguise

A new ransomware called Fantom has been discovered that disguises itself as a Windows update. When executed, it encrypts your files, like the latest ransomware variants, and later asks for payment to decrypt them. The ransomware was written in C#, and its code was retrieved from a publicly available ransomware framework. This was used by […]

The post Fantom Ransomware: Windows Update Disguise appeared first on ThreatTrack Security Labs Blog.


JSE File Downloads Zepto then Cerber 3 Ransomware

It’s like the Russian nesting doll of ransomware. We found this new ransomware delivery tactic particularly interesting and took a deeper look. Let’s start with some facts about a JSE file. A JSE file is an encoded JScript file; the acronym stands for JScript Encoded File. This encoding can be done by the executable “screnc.exe” or […]


Zepto Evasion Techniques

We’ve been tracking some more spam dropping Zepto ransomware variants. As in earlier posts, we’re seeing infected attachments with malicious macro scripts used as the entry point for the threat actor. (See images below of some recent spam samples.) As we dug deeper into our analysis, we found that these macro scripts are not crafted […]


Donoff Macro Dropping Ransomware

Recently, we’ve spotted Zepto ransomware spreading through spam email containing fake invoices (see image below). These attachments contain a macro-enabled Word document file known as Donoff, which downloads the Zepto executable; the executable encrypts all your files and later asks for payment in exchange for the decryption key. We decided to take a closer look at the Donoff […]


Zepto Ransomware Packed into WSF Spam

ThreatTrack Labs has recently observed a surge of spam containing a zip attachment with a WSF (Windows Script File) to deliver Zepto ransomware. This tactic is a change from the JavaScript attachments and macro documents commonly spammed previously. Here are actual emails featuring familiar social engineering tactics: The zip attachments contain the WSF. An Interactive […]


A Look at the Cerber Office 365 Ransomware

Reports of a zero-day attack affecting numerous Office 365 users emerged late last month (hat tip to the researchers at Avanan), and the culprit was a new variant of the Cerber ransomware discovered earlier this year. As with the other zero-day threats that have been popping up like mushrooms of late, the main methods of infection […]


A Close Look at TeslaCrypt 3.0 Ransomware

TeslaCrypt is yet another ransomware taking the cyber world by storm. It is mostly distributed via spear phishing email and through the Angler exploit kit. Angler exploits a vulnerability in Adobe Flash and, on success, downloads a variant of the ransomware. TeslaCrypt 3.0 possesses various updates, one of which renders encrypted files […]


The Day the Earth Stood Still for CryptoWall

It’s been the norm in the cybersecurity industry to be intrigued, and at the same time infuriated, by the people behind any successful large-scale malware attack. Ransomware is one such example. It has been slowly released in the wild since early 2009, but CryptoWall redefined the meaning of ransomware and took it to the […]


Understanding the Latest Version of Locky Ransomware

Locky ransomware is one of the most prevalent spam-delivered malware families in the wild today. The Locky malware authors started their campaign last year but didn’t become very active until January 2016, and they haven’t slowed down since. Locky e-mails usually come with an attached zip archive which, once extracted, may contain a […]


A Glimpse at Petya Ransomware

Ransomware has become an increasingly serious threat. CryptoWall, TeslaCrypt and Locky are just some of the ransomware variants that have infected large numbers of victims. Petya is the newest strain and the most devious among them. Petya will not only encrypt files but will render the system completely unusable, leaving the victim no choice but […]
