Hundreds of Dental Offices in US Hit with Aggressive Sodinokibi Ransomware Locking Patient Records

Ransomware attacks have unfortunately become the norm, with companies and personal computer users having their systems essentially locked by sophisticated malware that encrypts files and demands payment to supposedly restore them. In the most recent ransomware attack, the Sodinokibi ransomware threat was used to lock data belonging to hundreds of dentist offices that utilized the DDS Safe online backup solution and medical record retention service. Upwards of 400 dentist offices throughout the United States were attacked with the Sodinokibi ransomware threat. In the attacks, it appears that the perpetrators behind Sodinokibi leveraged DDS Safe, an online backup...

Posted on August 30, 2019 in Computer Security

BRATA RAT

Almost all of us own a smartphone these days. However, not many of us give much thought to the cybersecurity of our smart devices. This is precisely what cyber crooks count on. Malware researchers have recently detected a new malware targeting Android devices that run an OS version newer than Android 5.0. This threat is called the BRATA RAT (Remote Access Trojan), and it appears to be mainly focusing on Android users located in Brazil. It is likely that the name of this malware is derived from 'Brazilian RAT Android.' Propagation Methods: The BRATA RAT is being spread on the official Google Play Store, where it poses as an update or a bogus copy of a popular application such as the WhatsApp messaging service. It is not certain which particular infection vectors are used in the propagation of the BRATA RAT. Some believe that this Trojan...

Posted on August 30, 2019 in Remote Administration Tools

xHelper

At the beginning of 2019, malware researchers spotted a new threat that targets Android devices exclusively – the xHelper Trojan. Back then, the xHelper Trojan did not get much traction, as its reach appeared to be fairly limited. The creators of the xHelper Trojan, however, have decided to up their game and have achieved quite the success as this threat is now in the top ten most active Android malware strains. The xHelper Trojan has two different variants, and experts speculate that both are being distributed in the same manner. One of the variants is able to hide its components almost entirely, while the other one leaves some noticeable traces of its activity. Propagation Methods: Normally, threats targeting Android devices tend to masquerade as popular applications so that users will not suspect a thing when installing them....

Posted on August 30, 2019 in Trojans

Edchargina.pro

The Edchargina.pro website is a page that hosts various advertisements. However, if you attempt to visit the Web page, you will see that it appears to be completely empty. If you have happened upon advertisements that are promoted by the Edchargina.pro page, it is likely that you have been browsing low-quality websites with dubious content like adult entertainment videos, shady gambling websites, pages that host pirated media and software, etc. The Edchargina.pro website is likely to trick users into giving it permission to send notifications by making them believe that this is what is required if they wish to view the content on the page. However, as we mentioned previously, the Edchargina.pro website does not host any content, and these are all empty promises. If you fall for the trick of this website and grant it permission to...

Posted on August 30, 2019 in Browser Hijackers

Gero Ransomware

Recently, malware analysts have come across a brand-new ransomware threat called Gero Ransomware. Nowadays, even less-skilled cyber crooks can build data-locking Trojans like the Gero Ransomware, as there is a practice of borrowing the code of an already established ransomware threat and altering it only slightly. Propagation and Encryption: This is the case with the Gero Ransomware, as once cybersecurity researchers studied this threat they found out that it is a variant of the widely popular STOP Ransomware. It is not yet known how the authors of the Gero Ransomware are propagating their creation. There are speculations that mass spam email campaigns alongside bogus software updates and fake pirated copies of popular applications may be at play regarding the propagation of the Gero Ransomware. A scan will be performed as soon as the...

Posted on August 30, 2019 in Ransomware

Beware: Malicious 'BRATA' Android Remote Access Tool Threatens Online Banking Accounts

A powerful new Android malware family is making the rounds among smartphone users in Brazil these days. Researchers refer to it as BRATA, which is short for Brazilian RAT Android. It seems like the malware is proliferating without boundaries as at least 20 new variants have been reported since the initial discovery of BRATA in January 2019. The broad reach of this RAT family is due mostly to the fact that the majority of the malicious binaries have been detected at the official Google Play store disguised as updates for the instant messaging service WhatsApp. BRATA is particularly interested in online banking information which it diligently collects and sends over to its operators in...

Posted on August 29, 2019 in Computer Security

BlackWorm RAT

The Syrian Malware Team is a hacking group, which, as the name suggests, originates from Syria. Judging by their pro-Syrian government sentiments displayed in several of their attacks, it is likely that this is a state-sponsored hacking group. They often go after high-profile targets, among which were CENTCOM and even Forbes. In Operation for Five Years: One of the hacking tools in the vast arsenal of the Syrian Malware Team is the BlackWorm RAT. This is a Remote Access Trojan, which is one of the most commonly used hacking tools by the Syrian Malware Team. The BlackWorm RAT has been used by the Syrian Malware Team for over five years now, and the hacking group has further weaponized it over this period by introducing a number of updates. It appears that one of the first variants of the BlackWorm RAT was a creation of a cyber crook with...

Posted on August 29, 2019 in Remote Administration Tools

Silenced Ransomware

Malware researchers have spotted yet another file-encrypting Trojan recently. Nowadays, it would seem that everyone wants a piece of the pie when it comes to ransomware threats. It appears that they are perceived as an easy way to make some money quickly without too much risk of getting caught or suffering from any consequences. The Silenced Ransomware was first discovered by the security researcher known on Twitter as 'Jack' or @malwareforme. Much like other threats of this kind, it is made to encrypt data and to rename all affected files to block access for their users. The ransomware adds the '.try' extension to all modified files. Files can be recovered by decryption, something the...

Posted on August 29, 2019 in Ransomware

Nemty Ransomware

Malware researchers are struggling to keep up with all the new ransomware threats that keep popping up daily. One of their most recent discoveries on this front is the Nemty Ransomware. Nemty Ransomware belongs to the ransomware family of malware threats. This means that after infiltrating the user's computer system, it will attempt to encrypt all of the data with a strong encryption algorithm, rendering the user's files unusable. In order to restore them, the creators of Nemty demand a ransom of around $1000 to be paid in the equivalent amount of bitcoins. Propagation and Encryption: Cybersecurity specialists have not been able to determine with full certainty which propagation methods are involved in the spreading of this file-locking Trojan. Some, however, speculate that the authors of the Nemty Ransomware may have used the most...

Posted on August 29, 2019 in Ransomware

Thegoodcaster.com

Thegoodcaster.com is not a website that hosts any unsafe content, but it is, nonetheless, a shady page as it is not what it claims to be. Thegoodcaster.com poses as a streaming page, which will allow you to watch movies for free. This website will present the user with a bogus media player which urges the person to set up a free account on Thegoodcaster.com if they want to view its content. Furthermore, Thegoodcaster.com will ask for permission to send notifications to the user via their browser. Spams Advertisements via Email and Browser Notifications: To create an account, Thegoodcaster.com requires the user to provide a valid email address. If the user falls for this and gives out their email address, Thegoodcaster.com will add it to its list of email addresses to spam with unwanted advertisements and...

Posted on August 29, 2019 in Browser Hijackers

Bitsran

The Lazarus APT (Advanced Persistent Threat) is a notorious hacking group, which originates from North Korea. It is widely believed that their criminal activities are sponsored by the North Korean state. They have a large arsenal of hacking tools, among which is the Bitsran Trojan-dropper. This hacking tool appears to serve as a first-stage payload, which is meant to weaken the system's security measures so that the attackers can plant more malware. Malware researchers believe that the authors of the Bitsran Trojan-dropper may be using '.LNK' files or Microsoft Office documents attached to emails to propagate this threat. As soon as the Bitsran dropper manages to infiltrate a computer, it will place all its files in the %TEMP% folder located in the Windows directory. Next, the Bitsran dropper will gain...

Posted on August 28, 2019 in Malware

Robotcaptcha.info

Robotcaptcha.info is a shady website, which only serves to spread advertisements. If you happen to browse low-quality websites with dodgy content like pages that host pirated media and adult entertainment, you may have encountered the Robotcaptcha.info site. A regular occurrence on such websites is flashing advertisements and all sorts of pop-ups with content that is meant to look very intriguing to get the user to click on them to learn more. However, despite still using social engineering techniques, the approach that the operators of Robotcaptcha.info have taken is a little different. This website uses a fake CAPTCHA service, which prompts the user to click on the 'Allow' button, supposedly to prove that they are not a robot. If they click the 'Allow' button, however, this will enable the Robotcaptcha.info site to send...

Posted on August 28, 2019 in Browser Hijackers

Retadup

Worm.Retadup is a malware threat that attacks Windows computers with the purpose of installing additional malicious payloads on them. As the name suggests, Retadup is a type of worm that spreads far and wide without human interaction, while also achieving persistence on affected machines. In most of the analyzed cases, Retadup drops a cryptocurrency mining malware on the targeted devices. In some cases, researchers have also observed the worm distributing the Stop Ransomware and the Arkei password stealer. Retadup was exposed around two years ago, back in 2017, when it was caught stealing information from hospitals in Israel. Several months later, a new variant of Retadup hit businesses and government institutions in South America. In August 2019, cybersecurity researchers shared the details of a separate...

Posted on August 28, 2019 in Botnets

Good Ransomware

The Good Ransomware is among the newest spotted ransomware threats lurking on the Web. Like most data-locking Trojans, the Good Ransomware will sneak into your system, encrypt your data, and then request a ransom fee to unlock the affected files supposedly. There are a number of ransomware spinoffs, versions of the same codebase with minor modifications, that all fall under the common name ".good ransomware." What they have in common is that they all append the .good extension to encrypted files. In this way, a file named "front_porch.jpg" will turn into "front_porch.jpg.good" once it has been encrypted. It seems a number of bad actors are using the .good ransomware, as there are a number...

Posted on August 28, 2019 in Ransomware

ArtraDownloader

BITTER is an APT (Advanced Persistent Threat) which has been active since 2015. Experts believe that the BITTER hacking group likely originates from Southern Asia as most of their victims are concentrated in this region – most of the attacks appear to be targeting organizations located in China and Pakistan. Ever since they began operating back in 2015, the BITTER APT has been using one main Trojan downloader – the ArtraDownloader. Naturally, to remain relevant, the BITTER hacking group had to introduce a number of updates to the ArtraDownloader over the years. The latest variant of the ArtraDownloader has some impressive capabilities when it comes to self-preservation techniques. This Trojan downloader can successfully evade security software, as well as detect and avoid sandbox environments. The ArtraDownloader also can serve as...

Posted on August 27, 2019 in Trojans