Collaborate Disseminate
By Waqas
Security researchers at the Austin based Anti-virus software firm Forcepoint
This is a post from HackRead.com Read the original post: Ransomware Attack Involving Scarab Malware Sends Over 12M Emails in 6 Hours
Continue reading Ransomware Attack Involving Scarab Malware Sends Over 12M Emails in 6 Hours
SophosLabs looks at the summer of 2017’s most prolific ransomware families Continue reading 2018 Malware Forecast: learning from the long summer of ransomware
Researchers have spotted Locky ransomware infections emanating from the Necurs botnet via Word attachments using a DDE technique that Microsoft says is an Office feature and does not merit a security patch. Continue reading Necurs-Based DDE Attacks Now Spreading Locky Ransomware
It is Freaky Friday again today. The Locky gang must be having a long weekend off and left the apprentice in charge. They have made a bit of a mess up of encoding the files today and the so called 7z attachment is actually a base64 file that needs decoding … Continue reading → Continue reading Locky Freaky Friday Your Remittance Advice with base64 encoded attachments to emails instead of zip files
The next in the never ending series of Locky downloaders is an email with the subject of Copy of invoice A5165059014. Please find your invoice attached. pretending to come from online@screwfix.com They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and … Continue reading → Continue reading Fake Screwfix Copy of invoice A5165059014. Please find your invoice attached. delivers Locky ransomware
The next in the never ending series of Locky downloaders is an email with the subject of Copy of invoice A5165059014. Please find your invoice attached. pretending to come from online@screwfix.com They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and … Continue reading → Continue reading Fake Screwfix Copy of invoice A5165059014. Please find your invoice attached. delivers Locky ransomware
The 3rd version I have seen today in these never ending series of Locky downloaders has gone back to a traditional zip ( 7z) attachment containing a vbs file. This is an email pretending to be an Office 365 Invoice with the subject of Invoice pretending to come from the … Continue reading → Continue reading Fake Office 365 invoice delivers Locky ransomware
The next in the never ending series of Locky downloaders is an email with a blank / empty subject pretending to come from random names and email addresses. The body content pretends to be an invoice notification. There are no attachments with these emails but a link in the email body … Continue reading → Continue reading Another change with Locky delivery methods today. Payload embedded in a large .js file
After today’s earlier attempt at using Geo-Location to deliver alternative malware versions, depending where you are, the Locky gang have switched back tonight to “normal” vbs files with just 3 urls embedded, all downloading the same Locky Ransomware version. This next in the never ending series of Locky downloaders is … Continue reading → Continue reading More Locky ransomware delivered by fake Scan Data malspam pretending to come from your own email address
The next in the never ending series of malware downloaders coming from the necurs botnet is an email with the subject of Emailing: Scan0253 ( random numbers) pretending to come from random names at your own email address or company domain. Today they have changed delivery method and will give either Locky … Continue reading → Continue reading Necurs botnet spam now distributing Locky and Trickbot via same vbs file using geo-location techniques