ransomware | Page 10


Everyone has heard how ransomware shut down the networks of several large healthcare providers this past year. To get their systems unlocked, these organizations paid huge ransoms to cybercriminals. Healthcare networks are notoriously vulnerable, and have been tagged by the media and security professionals as the preferred target for these sorts of attacks. That may be about to change. Fortinet research conducted over the past several months shows that manufacturing is likely to be the next industry specifically targeted by ransomware. In our latest...
by Bill McGee | Jun 06, 2016 | Filed in: Industry Trends
FortiGuard’s behaviour-based system designed to identify new malware has detected a German-targeted ransomware. We named it Herbst, a German word which in English means Autumn. Ransom Note: The Herbst ransom note appears in German in a dedicated window from its own running process. It demands that a ransom be paid in bitcoin. We have also been able to determine the bitcoin address. Ransom note details are listed below: File encryption: AES 256 bit. Ransom Price: 0.1 Bitcoin or approximately USD $53.80 as of today. Bitcoin Address: 18uM9JA1dZgvsgAaeeW2XZK13dTbk1jzWq Figure...
by Rommel Abraham D Joven | Jun 03, 2016 | Filed in: Security Research
These past few weeks, here at FortiGuard Labs we have created a system which monitors Locky ransomware. This system collects new samples and extracts the configuration of the malware. On 05/30/2016 and 05/31/2016, we found two new variants with some updates added to the code. In this post, we will first cover the update to its URI and HTTP POST request, and then the new feature. URI update: Previously, the URI was /userinfo.php, which is found in its configuration. With the new variants discovered, the URI has been updated to /access.cgi,...
by Floser Usal Bacurio | Jun 01, 2016 | Filed in: Security Research
Lately, healthcare has been making headlines due to an onslaught of ransomware attacks from viruses like TeslaCrypt and CryptoWall. As a result of many lucrative successes in extorting ransom payments, the industry has been rightly named the number one target of cyber criminals by several research groups. And it doesn’t seem to be slowing down. Cyber criminals are looking to profit off of the traditionally soft target healthcare has presented due to its general lack of highly secure network and data center architectures. According to a Malwarebytes...
by Ryan Edwards | May 27, 2016 | Filed in: Industry Trends
FortiGuard Labs uses the data it gathers from its over 2 million security sensors to keep an eye on trends related to ransomware--one of the areas of greatest concern when it comes to cyber security threats today. As a result of this effort, we previously talked about Locky’s rapid rise in prevalence in the first two weeks of its appearance. This time, we have observed yet another new ransomware family – Cerber – to be rapidly gaining prevalence in the wild. We gathered FortiGuard Intrusion Prevention System (IPS) telemetry...
by Kenichi Terashita and Roland Dela Paz | May 26, 2016 | Filed in: Security Research
While ransomware has attracted much attention from security researchers lately, other malware hasn’t stopped. They are quietly seizing their own place in the attack market. This article analyses one of them - “Bayrob”. Our analysis is based on a new variant of Bayrob. We will discuss its background and describe some of its most interesting features, including the purpose of several different processes/services, code obfuscation, data encryption, and its C&C communication. Background: The family of “Bayrob” malware first showed up around...
by Sarah (Qi) Wu and He Xu | May 26, 2016 | Filed in: Security Research
On April 25, 2016, Blue Coat published an article on a new Android Ransomware, called “Dogspectus.” On May 12, 2016, Dell SonicWALL published a separate report on the Android Lockscreen malware campaign with similar characteristics to Dogspectus. These similarities are not a coincidence. We began our own extensive investigation into this ransomware some time ago, and will share additional technical details of this malware here that have not been previously discussed. Technical Details: The main Android Application Package (APK) of...
by Homing Tay | May 19, 2016 | Filed in: Security Research
Locky, the professional-grade ransomware, has been causing headaches and damage to victims’ wallets for quite some time. It uses document-based macros for distribution and encrypts files on the victims’ computers, appending ‘.locky’ as an additional extension, which is what the ransomware is named after. Locky is professionally written, massively spread, costly if infected, and most importantly, it is evolving. It has been stable for the past year with no major version upgrade until recently. Our VEX system captured a new variant...
by Donna Wang | May 04, 2016 | Filed in: Security Research
Back when I was in college, I remember one day our class asked our programming professor, “how do we create a virus?” Understandably, our professor refused to answer the question. However, after some persuading, he eventually agreed to give us one example. It looked like this: del C:\*.* Suddenly, the class was enlightened. More than that, I was personally astounded. How could a single line of code do so much damage?? Fast forward to today, and I am still astounded, perhaps for a slightly different reason. I came to realize...
by Roland Dela Paz | Apr 12, 2016 | Filed in: Security Research
You could call healthcare security breaches a rising epidemic. According to Christopher Moynier, Healthcare Systems Engineer for Fortinet, it could “become a life or death situation.” Healthcare organizations today are uniquely vulnerable to insidious security threats. This is due in part to the extremely high value of their data, but it’s also because healthcare has lagged behind in security. For years, healthcare IT administrators have been pushed to adapt to new regulatory schemes and provide new functionality for providers...
by Susan Biddle | Apr 11, 2016 | Filed in: Industry Trends