Fortinet has discovered a new open-source PHP ransom malware that has been targeting web sites using a simple encryption algorithm that is effective enough to really frighten web server owners. What is more interesting, however, is the information we have uncovered regarding the possible roots of the attacks/attackers. Based only on the email address that it uses for ransom negotiations, “japanlocker@hotmail.com”, victims and researchers alike may make an obvious guess where the attacks may have come from. However, our investigation... [Read More]
by Artem Semenchenko and Joie Salvio  |  Oct 19, 2016  |  Filed in: Security Research
Another new ransomware has joined the file-encrypting bandwagon. Only this time, instead of choosing what types of files to encrypt, it has decided to join the league of a few others and encrypt the entire disk directly using an open-source tool called DiskCryptor. This is not the first time that disk-encrypting ransomware has hit the spotlight. Earlier this year, Petya ransomware wreaked havoc by encrypting disks through the master file table (MFT), denying access to user files. Unlike that former attack, however, this new ransomware... [Read More]
by Joie Salvio  |  Sep 27, 2016  |  Filed in: Security Research
It’s been just less than a month since the Shark Ransomware was discovered, and there is already an upgrade from the same authors, along with a new Ransomware-as-a-Service (RaaS) website, a new name, and new features. While this site follows the standard RaaS business model commonly used by other ransomware developers, it has a new twist. Besides the usual offer to let users customize and build their own ransomware, Atom is being promoted as a “Ransomware Affiliate Program.” The twist is that it offers the soon-to-be... [Read More]
by Rommel Joven  |  Sep 12, 2016  |  Filed in: Security Research
Q&A on Encryption with Aamir Lakhani Encryption remains a hotly debated topic of discussion in cybersecurity. Fortinet’s Aamir Lakhani offers some perspective on what customers think about encryption today and going forward. Why is encryption currently such a hot topic? Privacy is a major concern right now. The Edward Snowden leaks in 2013 made people more aware than ever about their lack of privacy. They have also raised such questions as: Do we have a fundamental right to privacy? How far do we protect privacy? In the past,... [Read More]
by John Welton  |  Jul 07, 2016  |  Filed in: Industry Trends & News
On April 25, 2016, Blue Coat published an article on a new Android Ransomware, called "Dogspectus." On May 12, 2016, Dell SonicWALL published a separate report on the Android Lockscreen malware campaign with similar characteristics to Dogspectus. These similarities are not a coincidence. We began our own extensive investigation into this ransomware some time ago, and will share additional technical details of this malware here that have not been previously discussed. Technical Details The main Android Application Package (APK) of... [Read More]
by Homing Tay  |  May 19, 2016  |  Filed in: Security Research
The competition for the most secure instant messaging tool has been running for years. It re-surfaced this month when WhatsApp announced it has completed implementing end-to-end encryption. Curiously, in security research circles, this has resulted in endless debates between WhatsApp and Telegram. Very much like Emacs vs Vi, everybody has a (strong) opinion, but there is no general consensus. ;) I think we can agree that Signal, WhatsApp, and Telegram stand out as the most secure messaging solutions - thanks to end-to-end encryption or Perfect... [Read More]
by Axelle Apvrille  |  Apr 15, 2016  |  Filed in: Industry Trends & News
Strong encryption is the security professional's arms race. There is no such thing—and never has been nor ever will be—as unbreakable code. The best we can strive for is code that will take a cyberthief's computers so long to break that it becomes impractical. In short, the thief will conclude that there are much easier ways to make his money, softer targets to hit. The problem is that, thanks to Moore's Law and its various corollaries, computing power continually gets better, faster and can fit into smaller form factors.... [Read More]
by Evan Schuman  |  Sep 09, 2015  |  Filed in: Industry Trends & News
PuTTY, the innocuous and ubiquitous terminal application that Windows users download regularly to connect to *nix systems, has been making headlines in the last month after an uptick in malicious activity set off red flags for researchers. As multiple outlets have reported, hackers have recompiled the open source software and inserted malicious code, creating a new “Trojan PuTTY”. The malware, which was originally discovered over two years ago, has been gaining substantial traction as cybercriminals leverage its ability to steal... [Read More]
by Chris Dawson  |  Jun 29, 2015  |  Filed in: Industry Trends & News
While some of everyone's social media presence is inevitably publicly viewable, there are parts that we only want shared/visible to "friends" or other confirmed connections. Facebook, which is already using security tools like HTTPS with HSTS (HTTP Strict Transport Security) to authenticate and secure user/Facebook connections -- and offering a Tor "onion" site for users wanting even more security, announced on June 1 that it will be (slowly) letting (some) users PGP-encrypt the content (as in, message body and attachments,... [Read More]
by Daniel Dern  |  Jun 09, 2015  |  Filed in: Industry Trends & News
CryptoWall is another entry in the popular category of malware known as ransomware. This type of malware holds your data hostage by encrypting your files and then charging a ransom to decrypt the files. The malware displays a message informing the victim that their files have been encrypted and that they have a limited time to pay the ransom before the cost of recovery goes up. To maximize their anonymity, the malware authors use the TOR network and require the ransom to be paid in Bitcoins, a trend that we are seeing more and more often. Figure... [Read More]
by Brian Cheng  |  Aug 05, 2014  |  Filed in: Security Research