EternalPetya – yet another stolen piece in the package?

Since 27th June we’ve been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since the day one, various contradicting theories started popping up. Some believed, that it is a rip-off the original Petya, others – that it is another step in its evolution. However, so far, those were just different opinions, and none of them was backed up with enough evidence. In this post, we will try to fill this gap, by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).

Categories:

Tags:

(Read more…)

The post EternalPetya – yet another stolen piece in the package? appeared first on Malwarebytes Labs.

Continue reading EternalPetya – yet another stolen piece in the package?

Explained: Sage ransomware

Sage is yet another ransomware that has become a common threat nowadays. Similarly to Spora, it has capabilities to encrypt files offline. The malware is actively developed and currently, we are facing outbreak of version 2.2. of this product.
Categor… Continue reading Explained: Sage ransomware

Unpacking the spyware disguised as antivirus

Recently we got access to several elements of the espionage toolkit that has been captured attacking Vietnamese institutions. During the operation, the malware was used to dox 400,000 members of Vietnam Airlines.Categories: Malware
Threat analysisTags… Continue reading Unpacking the spyware disguised as antivirus