Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans act today. However, the ransom demand in the case of the RobinHood Ransomware is extremely high, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System, and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

Ryuk Ransomware

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported to be infecting organizations in the USA and Germany. Initial analysis suggests the threat was injected in systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files.

General Facts and Attribution

Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

Posted on August 23, 2018 in Ransomware

More Articles

The Lowdown on Ontario Hospitals Ryuk Ransomware Attacks

Three Ontarian clinics have lately fallen prey to a cyber attack involving the popular Ryuk ransomware. The infection reportedly delayed patient care, took down email systems, and impeded access to electronic medical records (EMRs), forcing staff members to process patient records the old way using a pen and a pad. Given the stealthy nature of the Ryuk ransomware, however, these may not necessarily be the only affected hospitals so far. Instead, the attack may have reached many more health centers, unbeknownst to them yet.

The Threat Can Linger for Weeks

Unlike other widespread ransomware threats that typically strike while the iron is hot, Ryuk bides its time till it has harvested all...

Posted on October 22, 2019 in Computer Security

skip-2.0

The Winnti Group, an APT (Advanced Persistent Threat), has been operating for a while, causing headaches to numerous victims. Malware researchers believe that the Winnti Group is operating from China. The Winnti Group often targets companies that operate in the gaming industry or the business of software development. Their attacks are known to be stealthy and may often remain under the radar of their victims for a significantly long time. The hacking group has a decent arsenal of tools and is known to prefer stealth over destruction. Among their arsenal of hacking tools is the skip-2.0 backdoor Trojan.

Exploits MSSQL Servers

It is not clear what propagation method is employed in the spreading of the skip-2.0 backdoor Trojan. However, cybersecurity experts have detected that in the campaigns involving the skip-2.0 Trojan, the Winnti Group...

Posted on October 22, 2019 in Backdoors

Nautilus

The Turla hacking group is an APT (Advanced Persistent Threat), which is known to be operating from the Russian Federation. Malware researchers believe that the Turla hacking group is sponsored directly by the Kremlin and is used in politically motivated attacks aimed at furthering Russian interests in the global political scene. They tend to attack organizations operating in the military, technology, and energy industries. The Turla hacking group also often launches attacks against various government bodies. Recently, cybersecurity experts have detected two new malware families that are believed to belong to the Turla hacking group – Nautilus and Neuron. So far, the Turla hacking group has used these two new strains in campaigns targeting companies in the United Kingdom. However, if these operations are successful, it is likely that...

Posted on October 22, 2019 in Malware

Neuron

One of the highest-tier Russian hacking groups goes by the name Turla. They are believed to be funded by the Russian government and are likely involved in all kinds of operations that aim at serving Russian interests abroad. President Putin has denied using the services of hackers countless times, but evidence gathered by cybersecurity experts would suggest otherwise. In 2017, a particularly vicious campaign carried out by the Turla hacking group targeted companies operating in the United Kingdom. This operation used three of Turla’s hacking tools – Neuron, Nautilus, and the Snake rootkit. It is important to note that the Neuron threat does not belong to the LightNeuron malware family, which has also been developed by the Turla hacking group.

Campaigns in the United Kingdom and Eastern Europe

When following the traces of this...

Posted on October 22, 2019 in Malware

APT41

The APT41 (Advanced Persistent Threat) is a hacking group that is believed to originate from China. They are also known under the alias Winnti Group. This name was given to them by malware experts and came from one of their most notorious hacking tools called the Winnti backdoor Trojan, which was first spotted back in 2011. This hacking group appears to be mostly financially motivated.

Targets the Gaming Industry Mainly

Unlike most high-profile hacking groups that tend to target industries of great importance such as military, pharmaceutical, energy, etc., the Winnti Group prefers to go after companies operating in the gaming industry. Even their first most popular hacking tool, the Winnti backdoor Trojan, was propagated via a fake update for an online game, which was very popular at the time. Once this threat was uncovered, most users...

Posted on October 22, 2019 in Malware

ZUMKONG

The ZUMKONG infostealer is a hacking tool that is a part of the arsenal of the infamous APT37 (Advanced Persistent Threat). This hacking group is also known under the alias ScarCruft. Malware researchers have determined that this group of individuals is located in North Korea and is likely doing the bidding of Kim Jong-Un as mercenaries hired by the government. Therefore, it makes sense that most of the victims of the APT37 group are South Korean organizations and individuals in influential positions.

Propagation Method

It is likely that the ScarCruft hacking group is using spam email campaigns to propagate most of their threats, as this appears to be their preferred infection vector. The emails are usually tailored carefully since they do not tend to target everyday users but high-ranking employees or large corporations of government...

Posted on October 21, 2019 in Trojans

SLOWDRIFT

The North Korean government does not shy away from using hacking groups to do their bidding on the international stage. They are known to have been working with the notorious Lazarus hacking group for years, which has carried out numerous attacks aimed at furthering North Korean interests politically. Recently, they have begun working with another hacking group – ScarCruft. The ScarCruft group is also known as APT37 (Advanced Persistent Threat). They have carried out attacks against Middle Eastern targets, but most of their victims are located in South Korea. The ScarCruft hacking group does not go after everyday users - their efforts are concentrated on individuals in prestigious positions or large organizations.

Propagation Method

Usually, the ScarCruft hacking group uses email campaigns to propagate their hacking tools. More...

Posted on October 21, 2019 in Trojan Downloader

Wiki Ransomware

Ransomware threats have been one of the most popular security threats in the past few years. Unfortunately, they are also among the most harmful threats out there. One of the most well-known ransomware families is the Dharma Ransomware family. Cyber crooks have created countless variants of this infamous data-locking Trojan. Recently, a new variant of the Dharma Ransomware has emerged. Its name is Wiki Ransomware.

Propagation and Encryption

It is likely that the creators of the Wiki Ransomware are using emails containing macro-laced attachments to spread this nasty threat. It is also possible that they are employing bogus application downloads, torrent trackers, and fake copies of popular software tools to propagate the Wiki Ransomware. When the Wiki Ransomware compromises a computer, it will look for certain files to lock. Usually,...

Posted on October 21, 2019 in Ransomware

Kiss Ransomware

Ransomware threats have been plaguing the Internet for years now, and we will likely not see the end of it any time soon. File-locking Trojans are easy to distribute and are one of the most vicious threats, which almost always guarantee destruction to the victim. Users who do not have an anti-malware tool installed and fail to update all their software regularly are the ones that are most vulnerable to ransomware threats. One of the most recently uncovered data-encrypting Trojans has been dubbed Kiss Ransomware. This threat does not appear to belong to any of the popular ransomware families.

Propagation and Encryption

It is likely that bogus pirated copies of legitimate applications, mass spam email campaigns, malvertising operations, and fraudulent application updates may be some of the infection vectors employed in the spreading of the...

Posted on October 21, 2019 in Ransomware

DictionaryBoss

Many Web browser extensions can be very helpful and improve one's browsing quality greatly. However, many dodgy individuals have also hopped on the train of browser extension creation. Such dubious actors do not aim at creating high-quality products, which will leave users satisfied and grateful. Instead, they tend to pump out low-quality browser extension tools, which often tend to cause irritation and can be an unwarranted hassle to remove. This is the case with the DictionaryBoss Google Chrome browser extension. This tool claims to be of great use for translating text and generating synonyms of words and phrases. It is likely that the creators of the DictionaryBoss extension may be targeting students who do most of their work on their computers.

Wants Permission to Change the New Tab Page

The DictionaryBoss Google Chrome extension...

Posted on October 21, 2019 in Possibly Unwanted Program

MILKDROP

A North Korea-based hacking group has been making the headlines recently. They are known as ScarCruft or APT37 (Advanced Persistent Threat). Cybersecurity experts believe that the ScarCruft group is funded by Kim Jong-Un's government directly and is used by them to carry out hacking attacks that serve to further North Korean interests. Most of APT37's campaigns take place in South Korea and target high-ranking individuals. The ScarCruft group has a wide range of hacking tools that keeps expanding. Among them is the MILKDROP backdoor Trojan.

MILKDROP's Capabilities

The MILKDROP Trojan does not have a particularly long list of capabilities, but it is a threat that operates very silently. Once this backdoor Trojan has gained access to the target's system, it will gain persistence by tampering with the Windows Registry. This would...

Posted on October 18, 2019 in Backdoors

SOUNDWAVE

Hacking campaigns have all sorts of end goals - collecting money, causing intentional destruction or simply wreaking havoc for a laugh. Some hackers, though, use their skills to collect information, which can then be used in harmful operations. This is the case with the SOUNDWAVE malware. This threat belongs to the arsenal of the ScarCruft hacking group. This group of highly-skilled individuals hails from North Korea and is also known as APT37 (Advanced Persistent Threat). Cybersecurity experts at large believe that the ScarCruft hacking group is working for the North Korean government and is used as an attack vector against perceived enemies of the regime. This explains why most of the victims of APT37's threatening campaigns are South Korean. This hacking group is known to attack individuals in high-ranking positions and government...

Posted on October 18, 2019 in Malware

MedusaLocker Ransomware

A brand new file-locking Trojan was spotted by malware researchers recently. It was given the name MedusaLocker Ransomware. Unlike most newly discovered ransomware threats, this data-encrypting Trojan appears to be a project built from square one as it does not belong to any of the known ransomware families. So far, cybersecurity experts have not been able to create a decryption tool and release it publicly.

Propagation

It is not clear what kind of propagation is being utilized in the spreading of the MedusaLocker ransomware. Some believe that mass spam email campaigns may be responsible for the propagation of this threat. Bogus application updates and fake pirated variants of popular software are also common techniques for spreading malware of this class.

The Two Variants of the MedusaLocker Ransomware

Malware...

Posted on October 18, 2019 in Ransomware

Sun Ransomware

Ransomware threats have managed to cause a lot of trouble for countless users worldwide. This malware type is perceived largely as an easy way to make a quick buck, and this is the reason why there is a growing number of cybercriminals trying their luck in creating and spreading file-locking Trojans. The Sun Ransomware is one of the most recently spotted threats of this type.

Propagation and Encryption

The propagation methods employed in the spreading of the Sun Ransomware are not yet known. Some researchers put the blame on spam email campaigns, which contain infected attachments, as this is one of the most used methods of propagating malware. Fraudulent pirated variants of legitimate software and fake application updates may also be among the techniques for spreading the Sun Ransomware. The infected system will be scanned, and then...

Posted on October 18, 2019 in Ransomware

Uta Ransomware

The Dharma Ransomware family used to be one of the most widely propagated ransomware families in the world. However, back in 2018, a large number of decryption keys were released publicly, and many thought that this was the end of the Dharma Ransomware. Despite this serious hiccup in the Dharma Ransomware project, there are still variants created and propagated. An example would be the Uta Ransomware. There are no free decryption tools published online yet, so unlocking your data without paying is not possible.

Propagation and Encryption

It is not known how the Uta Ransomware is being spread. Torrent trackers and bogus application updates may be at play here. It is also likely that the authors of the Uta Ransomware are using spam emails containing macro-laced attachments to spread this nasty Trojan. All the files on the...

Posted on October 18, 2019 in Ransomware