ransomware


A few days ago, while scouring through Fortinet’s Kadena Threat Intelligence System (KTIS), we found an emerging spam campaign. Initially, it was the scale that caught our attention, and then it got a lot more interesting when the payload was found out to be a new variant of the infamous Locky.
by Floser Bacurio, Joie Salvio, Rommel Joven  |  Aug 14, 2017  |  Filed in: Security Research
The first day here at Black Hat is over. On the expo floor, a number of vendors are promoting that they now provide critical threat intelligence along with the other technologies they provide. Of course, in general, this is a good thing. The biggest challenge organizations have historically faced has been a lack of visibility into their networks, especially cloud and virtualized environments. The challenge, however, is how are organizations supposed to consume, correlate, and make use of all of this information? Dozens of intelligence feeds from...
by Anthony Giandomenico  |  Jul 27, 2017  |  Filed in: Industry Trends
Ransomware has recently reasserted itself into the public eye in a big way. The May cyberattack carried out by the malware WannaCry was one of the worst ransomware attacks ever, affecting over 300,000 computers operating MS Windows around the world. Unfortunately, the attack has once again demonstrated that far too many organizations do not have an effective security protocol in place, or do not take it seriously until after disaster strikes. In this case, the Microsoft vulnerability exploited by WannaCry had been patched in March, but many users...
by Amy Thompson  |  Jul 11, 2017  |  Filed in: Industry Trends
There have already been a lot of write-ups for the NotPetya malware. This article is just a supplement for what is already out there. Our focus is to highlight some key differences between a previous strain of the Petya ransomware and the malware that scared everyone a few weeks ago, which is now sometimes being referred to as NotPetya. I posted a blog post a couple of months ago about the MBR (Master Boot Record) infected by Petya. I explained how the ransomware infected the boot process and how it executed its own kernel code. In this post,...
by Raul Alvarez  |  Jul 09, 2017  |  Filed in: Security Research
Last week we started our technical analysis on Petya (also called NotPetya) and its so-called “killswitch.” In that blog post we mentioned that Petya looks for a file in the Windows folder that has the same filename (no extension) as itself (for example: C:\Windows\Petya). If it exists, it terminates by calling ExitProcess. If it doesn't exist, it creates a file with the attribute DELETE_ON_CLOSE. This seems to imply that instead of a killswitch, this file is meant to be a marker to check and see if the system has already been infected. After...
by Gabriel Hung and Margarette Joven  |  Jul 09, 2017  |  Filed in: Security Research
During a 2015 event at the Northwestern Institute for Policy Research, participating panelists discussed the digital revolution and the classroom’s exposure to it. At the time, school districts had begun to adopt 1:1 policies, where each student would have access to laptops or tablets. Google was at the forefront of this surge, gaining a healthy chunk of new users each year across the education industry. Today, the formidable duo of the Google Chromebook and the G Suite for Education has changed the way education is approached. In this...
by Susan Biddle  |  Jul 07, 2017  |  Filed in: Industry Trends
By now, you will have all heard about the rampant spread of ransomware through countless press pieces, blog articles, and far too often, the outrageous claims of some security vendors. But let’s stop and think for a minute or two. How did these attacks happen? Are companies focusing on valid threats, fixing the right problems, or developing correct processes? Have so-called disruptive technologies disrupted our thinking? Let’s not go tactical. Instead, we need to consider, “what is our best strategy?” Ever since the...
by Michael Xie  |  Jul 06, 2017  |  Filed in: Industry Trends
This past year, cybercriminals have upped the stakes once again with the high profile, global attacks of Mirai, WannaCry, and Petya, launched one after the other. Of course, large-scale attacks aren’t new. Attacks like the ILOVEYOU worm and Code Red and Nimda were massive attacks, some of which affected exponentially more devices and organizations than this latest round of attacks. The spread of WannaCry and Petya was quickly curbed, unlike these worms of the past. But this isn’t just about scale. Unlike in years past, the new digital...
by Derek Manky  |  Jul 03, 2017  |  Filed in: Industry Trends
Yesterday, a new ransomware wreaked havoc across the world. This new malware variant, which combines the functionality of ransomware with the behaviors of a worm, is being called Petya, Petrwrap, and even NotPetya, since researchers are still investigating as to whether its ability to modify the Master Boot Record of a targeted machine is based on the Petya family of malware. Fortinet has designated this new hybrid form of malware as a ransomworm, and this outbreak was reported to use the same worm mechanism to spread across the Internet as WannaCry,...
by Margarette Joven  |  Jun 28, 2017  |  Filed in: Security Research
We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems. This is a new generation of ransomware designed to take advantage of timely exploits. This current version is targeting the same vulnerabilities that were exploited during the recent WannaCry attack this past May. This latest attack, known as Petya, is something we are referring to as...
by Aamir Lakhani  |  Jun 27, 2017  |  Filed in: Industry Trends, Security Research