Fantom Ransomware: Windows Update Disguise

A new ransomware called Fantom has been discovered that disguises itself as a Windows update. When executed, like the latest ransomware variants, it will encrypt your files and later ask for payment to decrypt them. The ransomware was written in C#. This code was retrieved from a publicly available ransomware framework. This was used by […]

The post Fantom Ransomware: Windows Update Disguise appeared first on ThreatTrack Security Labs Blog.

JSE File Downloads Zepto then Cerber 3 Ransomware

It’s like the Russian nesting doll of ransomware. We found this new ransomware delivery tactic particularly interesting and took a deeper look. Let’s start with some facts about a JSE File. A JSE File is an encoded JScript. The acronym stands for JScript Encoded File. This encoding can be done by the executable “screnc.exe” or […]

Donoff Macro Dropping Ransomware

Recently, we’ve spotted Zepto ransomware spreading through spam email containing fake invoices (see image below). These attachments contain a macro-enabled Word document known as Donoff, which downloads the Zepto executable that encrypts all your files and later asks for payment for the decryption key. We decided to take a closer look at the Donoff […]

Zepto Ransomware Packed into WSF Spam

ThreatTrack Labs has recently observed a surge of spam containing a zip attachment with a WSF (Windows Scripting File) to deliver Zepto ransomware. This tactic is a change from the common JavaScript and macro documents being spammed previously. Here are actual emails featuring familiar social engineering tactics: The zip attachments contain the WSF. An Interactive […]

A Look at the Cerber Office 365 Ransomware

Reports of a zero-day attack affecting numerous Office 365 users emerged late last month (hat tip to the researchers at Avanan), and the culprit was a new variant of the Cerber ransomware discovered earlier this year. As with the other zero-day threats that have been popping up like mushrooms of late, the main methods of infection […]

A Glimpse at Petya Ransomware

Ransomware has become an increasingly serious threat. CryptoWall, TeslaCrypt and Locky are just some of the ransomware variants that have infected large numbers of victims. Petya is the newest strain and the most devious among them. Petya will not only encrypt files but will make the system completely unusable, leaving the victim no choice but […]

Breaking Down the Malware Behind the Ukraine Power Outage

Security researchers recently discovered that the power outage in Ukraine in December was caused by malware identified as an evolved version of BlackEnergy. This Trojan, dating back to 2007, was a popular malware that was previously sold on Russian underground sites. However, its design and architecture changed from performing simple HTTP DDoS attacks to […]

What’s New with Dridex

Credit: Christopher D. Del Fierro, Lead Malware Research Engineer, ThreatTrack Security. We have seen Dridex since 2014 and it is still active in the wild today. This research focuses on analyzing Dridex and on how it is able to remain undetected by most antivirus engines. For those not familiar with Dridex, it is a malspam […]