The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans act today. However, the ransom demand in the case of the RobinHood Ransomware is extremely elevated, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming common increasingly. Yemen...

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise more than hundreds of thousand systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported of infecting organizations in the USA and Germany. Initial analysis suggests the threat was injected in systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files. General Facts and Attribution Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

The APT38 (Advanced Persistent Threat) is back in the news with a new hacking tool called CLEANTOAD. This hacking group also is known as Lazarus and operates from North Korea. It is believed that the APT38 group is sponsored by the North Korean government and carries out hacking campaigns on their behalf. This hacking group operates on a very high level, and some of its members are wanted by the FBI. Quiet Operations Most of the APT38's campaigns are motivated financially, and their targets tend to be banks and various other financial institutions. The APT38 group is rather patient when operating and is known to take its time and carry out attacks over long periods. This helps its threatening activity to remain under the radar of their targets for longer. Often, the APT38 group's campaigns deliver several payloads with different...

The Exaramel hacking tool is a threat, which was spotted in one of the campaigns of the TeleBots hacking group recently. When studying the threat, malware researchers noticed that the Exaramel malware is rather similar to another hacking tool in the arsenal of the TeleBots group called Industroyer. The TeleBots hacking group has been very active in recent years and has made many headlines with its threatening campaigns. Its most famous operation took place in 2015 and involved them, causing a blackout, which had never before been achieved with malware. The TeleBots group also is the one behind the infamous Petya Ransomware, which plagued the Web for a while. The threat would lock the MBR (Master Boot Record) of the hard drive on the targeted system. Delivered as Secondary Payload The Exaramel malware is a backdoor Trojan, and it is...

Email tactics have been around since the dawn of the Internet. We, as humans, have a desire for the unearned and cybercriminals, have developed numerous tricks and social engineering techniques to trick us. Often, email tactics would claim that the user has won and an expensive item or an exotic holiday or resort to fear-mongering tricks to achieve their end goal. Email Poses as a Sexual Harassment Complaint The 'HARASSMENT COMPLAINT' email scam is a new trick that can be seen to deliver a variety of different messages, which are crafted carefully based on information about the recipient, such as their field of work or their profile. The message would state that the user has been accused of sexual harassment and it is being sent by the 'U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION.' You can see how, in the era of 'Me Too,' cyber crooks...

A new ransomware threat called AnteFrigus Ransomware has been spotted recently. What is interesting about this threat is that its authors are not propagating it via the usual channels like spam emails, bogus application updates or torrent trackers. Instead, the creators of the AnteFrigus Ransomware have opted to utilize the RIG Exploit Kit. This leads malware researchers to believe that the creators of the AnteFrigus Ransomware are rather high-end cybercriminals with advanced skills and experience. Does not Target Data on the C: Partition Another notable feature of the AnteFrigus Ransomware is that unlike most ransomware threats, which make sure to encrypt as much data as possible, this data-encrypting Trojan only goes after files, which are located on the D,: E,: F,: G,: H: and I: partitions. Having in mind that most regular users...

The Grod Ransomware is a brand-new data-locking Trojan that researchers have uncovered. After studying it, it became clear that the Grod Ransomware belongs to the notorious STOP Ransomware family – the most active ransomware family in 2019. Propagation and Encryption It is not clear how the Grod Ransomware is being propagated. Some believe that the creators of the Grod Ransomware are using mass spam email campaigns, fake software updates and bogus pirated copies of legitimate applications. However, the exact infection vector has not been pinpointed. Once the Grod Ransomware manages to compromise the targeted host, it will scan all the files, which are stored on the computer. The Grod Ransomware targets a wide variety of file types, as this ensures more damage. The more files that the Grod Ransomware locks, the greater the chance that...

One of the ultimate ransomware threats to be detected by cybersecurity researchers is the PureLocker Ransomware. It is likely that the PureLocker Ransomware is available to be rented as a ransomware-as-a-service tool. This makes it far more threatening as we can never know how many shady individuals have gotten their hands on the PureLocker Ransomware and are propagating it. Thankfully, the authors of the PureLocker Ransomware have set the price rather high, so not many criminals will be able to afford the substantial sum. Impressive Self-Preservation Techniques The PureLocker Ransomware is written in a programming language called PureBasic. The PureBasic programming language allows a threat to be very flexible since malware written in this language can be reworked to be executed on systems running Windows, OSX and Linux. The fact that...

The most active ransomware family in 2019 has undoubtedly been the STOP Ransomware family, with numerous variants of this file-locking Trojan popping up. One of the newest copies of the STOP Ransomware family that was spotted by malware researchers is called the Peet Ransomware. Propagation and Encryption The infection triggers utilized in the spreading of the Peet Ransomware have not yet been revealed. Some cybersecurity experts believe that among the propagation methods used in the Peet Ransomware campaign may be spam emails containing infected attachments, bogus application updates, and fake pirated copies of popular software tools. Upon infiltrating a system, the Peet Ransomware will start a scan whose aim is to locate all the files, which fit the ransomware threat's criteria. Like most threats of this type, the Peet Ransomware...

Ransomware threats are among the most popular malware types nowadays, undoubtedly. There are ransomware-builder kits, which have made the creation of ransomware threats easy exceptionally and have thus lowered the entry bar allowing an ever-growing number of cybercriminals to create and propagate this malware kind. One of the newest spotted ransomware threats is called the Dharma-Ninja Ransomware. The Dharma-Ninja Ransomware is a variant of the very popular Dharma Ransomware. Propagation and Encryption It is not known how the Dharma-Ninja Ransomware is being spread exactly. Some researchers believe that the authors of the Dharma-Ninja Ransomware may be using mass spam email campaigns, fake software updates, and bogus pirated variants of legitimate applications to propagate this nasty file-locking Trojan. The Dharma-Ninja Ransomware...

A brand-new file-encrypting Trojan has been spotted in the wild. Its name is JesusCrypt Ransomware. Once malware researchers came across the JesusCrypt Ransomware, they made sure to dissect the threat. What they discovered is that this ransomware threat is an unfinished project with some ‘good’ potential. Cybersecurity experts speculate that this may be a variant of the HiddenTear Ransomware, but this is yet to be confirmed. Propagation and Encryption It is not clear what propagation methods are the attackers using to spread the JesusCrypt Ransomware. The most commonly used infection vector is spam emails. These emails often contain a fraudulent message riddled with social engineering tricks whose sole purpose is to lure the user into opening the attached file. The message may make it seem like this is an important and yet completely...

You might have stumbled upon the Send-news.net website if you were looking for illicit free streams or pages hosting other shady content whose operators have been paid to promote the dodgy site. The Send-news.net is a dubious Web page whose goal is to get the user to allow the site to send browser notifications. This is not to say that browser notifications are always a pest. Legitimate websites offer to send browser notifications that can be of great help to users. However, this is what happens with the Send-news.net. Instead, this shady website will attempt to promote low-quality products and dodgy services, turning browser notifications into constant pop-up advertisements effectively, which will surely disrupt your browsing. Uses Social Engineering Tricks The Send-news.net site uses several social engineering tricks to get the user...

Glimpse is a newly uncovered hacking tool that is believed to be the creation of the OilRig group. This hacking group is also known as APT34 (Advanced Persistent Threat) and originates from Iran. Malware researchers have been familiar with the OilRig hacking group for a while, and they are known to be highly-skilled and very threatening. The Glimpse malware is built in a very interesting fashion. The Glimpse threat uses the DNS protocol instead of utilizing the usual, and rather noisy FTP or HTTP connections. However, despite this significantly reducing the noise of the harmful operation, it has some significant negative sides too. The use of the DNS protocol hinders the capabilities of the Glimpse threat greatly. The reason behind this is that this method only supports certain characters and has a limited quantity of data that can be...

A growing number of file-locking Trojans is being spotted daily as more and more cybercriminals dip their toes in the opportunities that ransomware threats offer. If one uses a ransomware building kit or borrows the code of an already established threat of this kind, it can be fairly easy to create a data-encrypting Trojan. This has lowered the entry bar for cyber crooks greatly and made ransomware threats wildly popular. One of the latest spotted ransomware threats is called the Octopus Ransomware. The Octopus Ransomware is a variant of the nefarious Phobos Ransomware. Propagation and Encryption The propagation method behind the Octopus Ransomware is yet to be revealed. Some researchers speculate that the attackers may have used the most common technique of spreading file-locking Trojans – spam email campaigns. This involves the...

The Kr Ransomware is one of the newest ransomware threats that have been spotted lurking on the Web. When researchers uncovered the Kr Ransomware, they studied the threat only to find out that this is yet another copy of the infamous Dharma Ransomware. It is likely that the Dharma Ransomware family has been the second most active ransomware family in the whole of 2019. Propagation and Encryption It is not known what infection vectors have been utilized in the propagation of the Kr Ransomware. There are experts believing that the creators of the Kr Ransomware may be using mass spam email campaigns, alongside torrent trackers, fake application updates, and bogus pirated copies of legitimate software tools. When the Kr Ransomware manages to infiltrate a host successfully, it will make sure first to scan all the data present on the system....

ExtraList is a Mac OS application, which can be classified as a PUP (Potentially Unwanted Program). While the ExtraList application will not harm your computer actively, it may reduce your browsing quality. This application is marketed as a tool, which will help the users get better and more relevant results when using a search engine. However, this is not the case certainly, and the ExtraList application will instead tamper with the settings of your browser to ensure that it sets up a different new tab page, or you use a search engine different than your default one. Instead of bettering the search results, the ExtraList application will likely irritate you and deliver low-quality search results. Lowers the Quality of Search Results The ExtraList application will likely promote advertisements that are not only irrelevant but may be...

The Platinum APT (Advanced Persistent Threat) has remained active ever since it was first spotted back in 2009. The hacking group appears to operate in the Asia-Pacific region mainly, and it seems to target political organizations and high-ranking officials in the area. This is why cybersecurity researchers believe that a government in the region may be funding the operations of the Platinum APT, although these remain as speculations at this moment. Makes Sure to Remain under the Radar of Security Tools The Platinum hacking group has released a new tool named Titanium recently. The Titanium malware is a complex backdoor Trojan, which has a long list of capabilities. The Titanium Trojan’s self-preservation capabilities are impressive as this threat can detect malware debugging environments, anti-malware tools, and various security...