ransomware | Page 10


Not long ago, ransomware was a problem for consumers. Early versions hit unsuspecting users as early as 2005 but, while alarming, weren’t especially difficult to defeat. Even 10 years ago, the enterprise was a very different place than it is today, with BYOD in its infancy and far greater separation between work and personal environments. Ransomware authors also had not really begun to leverage the social engineering tactics that made infection much more likely, even for relatively savvy users. Fast-forward to 2015 and attackers...
by Chris Dawson | Oct 29, 2015 | Filed in: Industry Trends
CryptoWall and its variants are among the best-known types of ransomware, malware that encrypts files on end user hard drives and then prompts for payment of a ransom to decrypt the files. In many cases, if users don’t have recent backups, their only option to recover these files is to pay the ransom. CryptoWall Version 3 (CW3) is the most recent major variant that uses sophisticated backend technical and financial infrastructure to extort payments from users, all while employing a variety of measures to slow detection and...
by Derek Manky | Oct 28, 2015 | Filed in: Industry Trends
RIG Exploit Kit was upgraded to v3.0 a while back. While RIG EK was never as active as other exploit kits such as Angler or Nuclear, it is one of the more 'stable' EKs in terms of its near constant presence on the Internet. We will talk about a recent RIG EK sample. Here is the landing page information captured by our automated system in FortiGuard Labs. Type: Exploit Kit | Name: RIG.Exploit.Kit | Attack ID: 52114 | Referrer...
by Tim Lau | Sep 30, 2015 | Filed in: Industry Trends
Until relatively recently, mobile malware wasn't that different from early PC malware: it was annoying, it probably invaded your privacy, and it took a toll on system resources, but it wasn't especially dangerous or costly in the way that modern weaponized malware used to attack PCs, servers, and point-of-sale systems was. And just as early malware primarily targeted a single OS (Windows), mobile malware remains almost exclusively a problem for Android. However, it appears that Stagefright has served as something of a wakeup call for the...
by Chris Dawson | Aug 12, 2015 | Filed in: Industry Trends
There are already a couple of pieces of Android ransomware, but Android/Locker.CB!tr certainly is an interesting one. Smile! The malware is taking a picture of you. The malware claims it has detected "forbidden pornographic" pictures on your device, says it has reported it to the FBI and asks you to pay a fine of $500. To make the (fake) report appear even scarier, the malware displays your IP address and a picture of you. It says those were sent in the report to the FBI. Legend. Scare page of Android/Locker. How did it...
by Axelle Apvrille | Aug 11, 2015 | Filed in: Security Research
Fortinet recently encountered a new Ransomware-as-a-Service (RaaS) advertisement called “Encryptor RaaS”. The service is advertised on an onion-based domain via the Tor2Web service, and Fortinet detects the associated ransomware as W32/Cryptolocker.ABD9!tr. Interestingly, the seller explicitly calls its website “Ransomware as a Service”, a term from the AV industry, and the advertised business model closely resembles the recently discovered “Tox” RaaS. The seller earns a 20% commission per infected user who...
by Roland Dela Paz | Jul 29, 2015 | Filed in: Security Research
Although initially targeted at consumers, so-called “ransomware” has continued to make headlines as cybercriminals began shifting their attention to vulnerable businesses. The malware works by encrypting files on users’ computers and then charging fees to decrypt these files. Organizations ranging from law enforcement to large enterprises have been hit, and the entire family of malware (generally variants of the original Cryptolocker malware) has proven quite lucrative for cybercriminals. For a history of ransomware, click...
by Jose Luis Laguna | Jun 26, 2015 | Filed in: Industry Trends
Recently, we have been receiving samples that use “decoys” to imitate what is to be expected from running a normal file. In this blog post, we will analyze one such sample that Fortinet detects as W32/Kryptik.CWXI!tr. Execution: The sample uses an icon similar to Microsoft Word documents. Figure 1. File icon used by the malware. If our Windows Folder Options are set to “Hide extensions for known file types”, then we might not notice that the extension of this file is “scr”, which is associated with...
by Nathan Cheung | Feb 16, 2015 | Filed in: Security Research
by Michael Perna | Oct 24, 2014 | Filed in: Industry Trends
by Michael Perna | Aug 23, 2014 | Filed in: Industry Trends