Todar Ransomware

Malware experts have recently spotted a new ransomware threat emerging. This data-encrypting Trojan is named Todar Ransomware and appears to be a variant of the popular STOP Ransomware. Propagation and Encryption It is not yet clear what infection vectors are being employed in the propagation of the Todar Ransomware. However, some researchers believe that the creators of the Todar Ransomware may be using some of the most common methods of spreading ransomware threats – fake pirated variants of popular applications, bogus software updates, and spam emails containing infected attachments. Whatever method is employed, the end goal of the Todar Ransomware is one – to infiltrate your PC. Once this is done, this ransomware threat will launch a scan that determines the location of the files that will be targeted for encryption....

Posted on July 23, 2019 in Ransomware

Hades666 Ransomware

New ransomware threats are being released daily, and the trend shows no sign of dying out as time passes. On the contrary, more and more cybercriminals are trying their luck by building data-locking Trojans and attempting to generate some revenue by blackmailing innocent users. One of the newest file-encrypting Trojans is the Hades666 Ransomware. When malware researchers inspected this threat, they determined that the Hades666 Ransomware is a variant of the Maoloa Ransomware. Spreading and Encryption It is not known what propagation methods are being used in the spreading of the Hades666 Ransomware. Some researchers speculate that the authors of the Hades666 Ransomware may be employing some of the most common infection vectors used by creators of ransomware threats, namely spam email campaigns containing macro-laced attachments,...

Posted on July 23, 2019 in Ransomware

eCh0raix Ransomware

eCh0raix Ransomware has been found to take the traditional actions of ransomware threats to a new level by targeting QNAP Network Attached Storage (NAS) devices. The devices that eCh0raix Ransomware primarily targets are those manufactured by QNAP Systems, Inc., a Taiwanese company that produces media storage devices. eCh0raix Ransomware seeks out vulnerabilities in specific QNAP NAS systems and, after loading its malicious payload, encrypts many of the files stored on them. Moreover, eCh0raix Ransomware is suspected to be associated with the QNAPCrypt Ransomware threat, which appears to perform some of the same functions when attacking a QNAP NAS. Written in the Go programming language, eCh0raix Ransomware has a rather simple source code of under 400 lines. However, the effectiveness of eCh0raix...

Posted on July 23, 2019 in Ransomware

Darus Ransomware

An increasing number of cyber crooks opt to create ransomware threats that are based on already existing data-locking Trojans, which have been successful in generating revenue. This is certainly easier than building a brand new ransomware threat from scratch. One of the newest such Trojans is the Darus Ransomware. This file-encrypting Trojan is a variant of the widely known STOP Ransomware. Spreading and Encryption It is not yet clear what propagation method the authors of the Darus Ransomware are employing in the spreading of their creation. Some malware experts believe that this Trojan is likely propagating via spam emails that contain macro-laced attachments, infected pirated applications downloaded from unsafe sources, and fraudulent software updates. Once the Darus Ransomware finds its way into your...

Posted on July 22, 2019 in Ransomware

RT4BLOCK Ransomware

The RT4BLOCK Ransomware is a newly uncovered file-encrypting Trojan. When malware researchers studied this threat further, they discovered that it belongs to the RotorCrypt Ransomware family. It is a common tactic of cybercriminals – building new data-locking Trojans based on the code of already existing ransomware threats. Propagation and Encryption Cybersecurity experts have not determined what method is applied in the spreading of the RT4BLOCK Ransomware. Spam email campaigns, bogus application updates, and corrupted pirated software downloaded from unofficial sources are likely among the techniques used in the propagation of the RT4BLOCK Ransomware. When the RT4BLOCK Ransomware infiltrates your system, it will start the attack with a scan. The scan is used to locate the files that will be targeted for encryption. Next, the RT4BLOCK...

Posted on July 22, 2019 in Ransomware

Haka Ransomware

More and more new ransomware threats are popping up daily, as cybercriminals see this as an easy method of making a quick buck. One of the newest data-locking Trojans is the Haka Ransomware. When malware researchers inspected the Haka Ransomware, they found that this ransomware threat may be a variant of the Planetary Ransomware. Propagation and Encryption It has not been determined what propagation method the creators of the Haka Ransomware are employing to spread their file-encrypting Trojan. Cybersecurity researchers speculate that the cybercriminals may be using some of the most common methods - spam emails that contain infected attachments, bogus application updates, and corrupted pirated software. Once the Haka Ransomware gets onto your system, it will begin a swift scan. The point of the scan is to locate the...

Posted on July 22, 2019 in Ransomware

Lilocked Ransomware

The Lilocked Ransomware is a data-locking Trojan that was spotted by malware researchers recently. Ransomware threats are growing in popularity because cyber crooks often perceive them as an easy method to generate cash. Propagation and Encryption Cybersecurity experts have not been able to determine with any certainty what exact propagation methods are used by the authors of the Lilocked Ransomware. Some speculate that the creators of this ransomware threat may be using some of the most popular methods of spreading threats of this type – emails that contain macro-laced attachments, infected pirated applications downloaded from unsafe websites, and faux software updates. Once the Lilocked Ransomware infiltrates your PC, it will scan it. The scan will determine the locations of the files that will be locked. This...

Posted on July 22, 2019 in Ransomware

Okrum

The Ke3chang hacking group, also known as APT15 (Advanced Persistent Threat), is a group of cyber crooks that is likely operating from China. This hacking group is known to have targeted governments, as well as big industries like the military and oil sectors. Once they launch a successful campaign, they cease activity for a while so that authorities have a hard time tracking them. In 2017 they carried out several successful operations and then went into hiding once again. However, the Ke3chang group has recently made a comeback. The APT15 group has updated several of its most prominent hacking tools – RoyalDNS, Okrum, and Ketrican. Operations in Europe and South America In this post, we will be discussing the Okrum backdoor. This threat is very capable of self-preservation, as it employs several different methods of...

Posted on July 19, 2019 in Backdoors

Ketrican

The Ketrican backdoor Trojan is a hacking tool from the arsenal of the infamous Ke3chang APT (Advanced Persistent Threat). This hacking group, also known as APT15, likely originates from China and tends to go after high-profile targets in Europe and South America. Often, the targets are large industries or government institutions. The Ke3chang hacking group tends to lie low once it has launched a successful campaign. This is done to minimize the chances of detection by the authorities. Introduced Updates However, the APT15 group is making a comeback in 2019 by introducing several updates to some of its most popular hacking tools. One of the tools that had its capabilities boosted this year is the Ketrican backdoor Trojan. Its self-preservation mechanism, which would allow it to detect whether it is being run in a...

Posted on July 19, 2019 in Backdoors

RoyalDNS

The Ke3chang hacking group (or, as some refer to it, APT15) is a Chinese hacking group that has been active since 2012. These malicious actors tend to concentrate their efforts on very high-profile targets, which are usually located either in South America or in Europe. Government institutions and large corporations in the military and oil industries have fallen victim to APT15 (Advanced Persistent Threat). This hacking group has an impressive arsenal of hacking tools, which it makes sure to update periodically. One of its most prominent tools is called the RoyalDNS backdoor. The Ke3chang hacking group has utilized this threat in operations targeting corporations and politicians in the Czech Republic and Slovakia, as well as government bodies in the United Kingdom. The RoyalDNS backdoor has been present in campaigns against various...

Posted on July 19, 2019 in Backdoors

Megac0rtx Ransomware

The Megac0rtx Ransomware is a recently spotted data-locking Trojan. Once cybersecurity experts dissected it, it became evident that this is a variant of the similarly named MegaCortex Ransomware. Propagation Method Most ransomware threats are usually spread via macro-laced attachments in mass spam email campaigns, fraudulent software updates, or unofficial corrupted copies of applications downloaded from shady websites. The common trait of all these methods is that they are used indiscriminately, with the idea of spreading the threat to as many unsuspecting users as possible. However, this is not the case with the Megac0rtx Ransomware. It appears that the authors of the Megac0rtx Ransomware have opted to propagate their creation manually, because each victim receives a unique email address where they are required to...

Posted on July 19, 2019 in Ransomware

The FaceApp Scare - Should You Be Worried About Your Safety?

FaceApp and the photo challenge associated with it, which blew up over the last few days, have brought the application under severe scrutiny amid a wave of worry and panic. FaceApp is a photo manipulation mobile phone app that uses machine learning to modify users' photos in various ways, most famously to artificially age the user's face. Despite its humorous goal, the FaceApp challenge, taken up by millions, including many celebrities and media personalities, raised serious concerns in the U.S. The source of the panic stems from FaceApp's developers being Russian. This alone provoked the Democratic National Committee to warn people involved in the upcoming 2020 Democratic presidential campaigns against using the app over fears of Russian hackers, as reported by CNN. Senator Chuck Schumer even went so far as to formally...

Posted on July 19, 2019 in Computer Security

YOUR_LAST_CHANCE Ransomware

With the growing popularity of ransomware threats, cybersecurity researchers spot new file-encrypting Trojans daily. One of the latest ransomware threats to emerge is the dramatically named YOUR_LAST_CHANCE Ransomware. This newly discovered ransomware threat is a variant of the Cry36 Ransomware. Infection and Encryption It is not clear what propagation method is used in the spreading of the YOUR_LAST_CHANCE Ransomware. Some experts believe that the authors of the YOUR_LAST_CHANCE Ransomware may be employing some of the most common infection vectors, like spam email campaigns, infected pirated applications downloaded from unsecured websites, and bogus software updates. Once the YOUR_LAST_CHANCE Ransomware finds its way into your system, it will start the attack by running a scan. The scan’s goal is...

Posted on July 18, 2019 in Ransomware

Berosuce Ransomware

The Berosuce Ransomware is one of the newest ransomware threats that has reared its head on the Internet. Once malware researchers spotted it and studied it, they found that the Berosuce Ransomware belongs to the STOP Ransomware family. Many less-skilled cybercrooks opt to create ransomware threats like the Berosuce Ransomware by using the code of well-established data-locking Trojans like the STOP Ransomware. Infiltration and Encryption Cybersecurity experts have not been able to conclude what exact infection vector is employed in the propagation of this ransomware threat. Some have guessed that the creators of the Berosuce Ransomware may be using some of the most popular techniques for spreading malware of this kind – spam emails that contain macro-laced attachments, fraudulent application updates, and copies of software...

Posted on July 18, 2019 in Ransomware

EvilGnome

It is common knowledge that the Windows operating system is the most popular OS in the world. Approximately 90% of users are running Windows on their systems. Next comes Apple’s Mac operating system, OSX, with a 7% share. Meanwhile, Linux users comprise only 1% of overall users worldwide. This is why it is very rare to come across malware that is built to target Linux users specifically. However, a new threat tailored to go after systems running Linux has recently surfaced on the Internet. Its name is EvilGnome, and it imitates the legitimate Linux application called GNOME. This threat manages to stay under the radar of anti-malware applications, but once cybersecurity researchers spotted it and dissected it, they found that EvilGnome may be a Linux backdoor that is still an unfinished project. Likely Originates from...

Posted on July 18, 2019 in Malware