ransomware


A major challenge facing security vendors today is that most solutions and products are developed based on knowledge of previous threats that already exist. This makes many security solutions reactive by their very design, which is not a tenable strategy for facing the volume of new attacks and strategies arising today. This arms race of identifying new threats, then reacting has been the primary strategy since the dawn of malware: A new virus is identified and then security vendors write the antivirus signature to block it; a polymorphic virus... [Read More]
by RSS Douglas Jose Pereira  |  May 23, 2017  |  Filed in: Security Research
A perspective blog with Derek Manky, Global Security Strategist, Fortinet. We asked Derek to put WannaCry into context. Is this just the eye of the storm? [Read More]
by RSS Bill McGee  |  May 18, 2017  |  Filed in: Industry Trends & News, Security Research
WannaCry FAQ: How does WannaCry spread? WannaCry has multiple ways of spreading. Its primary method is to use the Backdoor.Double.Pulsar backdoor exploit tool released last March by the hacker group known as Shadow Brokers, and managed to infect thousands of Microsoft Windows computers in only a few weeks. Because DoublePulsar runs in kernel mode, it grants hackers a high level of control over the compromised computer system. [Read More]
by RSS Aamir Lakhani  |  May 17, 2017  |  Filed in: Security Research
  Over the past few days WannaCry malicious malware variants affect hundreds of organizations across the world. This cyberattack spread primarily by exploiting a vulnerability whose manufacturer had issued a critical security update for over two months ago. While there are certainly reasons why it may take an organization some time to patch vulnerable systems, including the risk of updating live systems, two months should be plenty of time for any organization to take appropriate steps to secure their environment. With the recent malware... [Read More]
by RSS Phil Quade  |  May 16, 2017  |  Filed in: Security Research
On May 12th, 2017 the ransomware WannaCry disrupted hundreds of organizations in dozens of countries. The ransomware encrypts personal and critical documents and files and demands approximately $300 USD in BitCoin currency for the victim to unlock their files. [Read More]
by RSS Aamir Lakhani  |  May 15, 2017  |  Filed in: Security Research
The WannaCry malware was responsible for a massive infection beginning that affected organizations and systems around the world. FortiGuard Labs has been monitoring this malware carefully. We have provided an analysis of this attack, along with how to protect your organization here.  In this blog post I’ll briefly describe some of the distinct characteristics of each version of this malware, from beta to the latest 2.0 version, and share some interesting findings. Beta Version: We discovered this beta version around Feb 9th,... [Read More]
by RSS Kyle Yang  |  May 15, 2017  |  Filed in: Security Research
Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. Tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016. [Read More]
by RSS Aamir Lakhani  |  May 12, 2017  |  Filed in: Security Research
Tags: ransomware
Digital Video Recorders / Network Video Recorders (DVR/NVR) Back in 2015, our telemetry detected a relatively small number of IPS signature hits on known vulnerabilities targeting DVR/NVR devices (~ 749 hits). In 2016, however, we saw this number increase alarmingly to around 1.5 million hits. By using a size comparison chart again, we can see the huge increase more clearly when we compare both years, as shown below: The question, of course, is what contributed to this huge increase in detected hits? Once again, let’s look at the... [Read More]
by RSS Gavin Chow  |  Mar 24, 2017  |  Filed in: Security Research
Attacks targeting and originating from IoT devices began grabbing news headlines toward the last quarter of 2016. Insecure IoT devices became the low-hanging fruit for threat actors to easily exploit. Some were even notoriously used as botnets to launch DDoS attacks against selected targets. For example, the infamous Mirai botnet exploited weak login vulnerabilities in insecure IoT devices such as IP cameras and home routers, and was responsible for one of the largest known DDoS attacks to date. Besides being used in DDoS attacks, exploited IoT... [Read More]
by RSS Gavin Chow  |  Mar 06, 2017  |  Filed in: Security Research
Dot ransomware is a new Ransomware-as-a-service(RaaS) that is openly available in hacking forums. And following the current trend in malware services, it uses web portals hosted in the TOR network for anonymity. Commission-based Profit While lurking in hacking forums, we came across a post for this new ransomware service. RaaS services are now switching from a one-time fee or subscription payment model to a commission based strategy. One advantage of this scheme is that the up front price for the ransomware is free, and any profits realized... [Read More]
by RSS Rommel Joven  |  Mar 02, 2017  |  Filed in: Security Research