Hasherezade – WindowsTechs.com

Decryption Key to Original Petya Ransomware Released

Posted on July 7, 2017 by Tom Spring

The key to decrypt the original Petya ransomware has been reportedly released by the ransomware’s author. Continue reading Decryption Key to Original Petya Ransomware Released→

EternalPetya – yet another stolen piece in the package?

Posted on June 30, 2017 by Malwarebytes Labs

Since 27th June we’ve been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since the day one, various contradicting theories started popping up. Some believed, that it is a rip-off the original Petya, others – that it is another step in its evolution. However, so far, those were just different opinions, and none of them was backed up with enough evidence. In this post, we will try to fill this gap, by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).

Categories:

Tags: attribution EternalPetya hasherezade hexedit janus Malwarebytes NotPetya NSA petya psexec ransomware

Continue reading EternalPetya – yet another stolen piece in the package?→

Explained: Sage ransomware

Posted on March 29, 2017 by Malwarebytes Labs

Sage is yet another ransomware that has become a common threat nowadays. Similarly to Spora, it has capabilities to encrypt files offline. The malware is actively developed and currently, we are facing outbreak of version 2.2. of this product.
Categor… Continue reading Explained: Sage ransomware→

Floki Bot and the stealthy dropper

Posted on November 10, 2016 by hasherezade

Floki Bot, described recently by Dr. Peter Stephenson from SC Magazine is yet another bot, based on the leaked Zeus code. However, the author came up with various custom modifications that makes it more interesting.Categories: Malware
Threat analysisT… Continue reading Floki Bot and the stealthy dropper→

Unpacking the spyware disguised as antivirus

Posted on August 25, 2016 by Malwarebytes Labs

Recently we got access to several elements of the espionage toolkit that has been captured attacking Vietnamese institutions. During the operation, the malware was used to dox 400,000 members of Vietnam Airlines.Categories: Malware
Threat analysisTags… Continue reading Unpacking the spyware disguised as antivirus→

Decrypting Chimera ransomware

Posted on August 11, 2016 by Malwarebytes Labs

We take a technical look at validating the leaked Chimera ransomware keys as well as if we can decrypt files with these keys.Categories: Cybercrime
MalwareTags: Chimeradecryptorhasherezaderansomware(Read more…) Continue reading Decrypting Chimera ransomware→

Analyzing baby ransomware

Posted on June 29, 2016 by Adam Kujawa

Satana, a new Petya-like ransomware, was discovered by our malware hunters and has been torn apart to show you the intricate details of how it works, why it’s not done and what we can expect moving forward.Categories: Cybercrime
MalwareTags: adam kuja… Continue reading Analyzing baby ransomware→

US, Canada Issue Ransomware Advisory

Posted on April 4, 2016 by Michael Mimoso

The United States and Canada issued a joint advisory on the threat posed by crypto-ransomware. Continue reading US, Canada Issue Ransomware Advisory→

Researchers Learning More About Petya Ransomware

Posted on March 29, 2016 by Michael Mimoso

Researchers are digging through samples of the Petya ransomware, and while they’ve learned some about its inner workings, they still haven’t mastered enough to come up with a decryptor. Continue reading Researchers Learning More About Petya Ransomware→