Litar Ransomware

The Litar Ransomware is a variant of the STOP Ransomware, also known as Djvu. The Litar Ransomware encrypts your documents and other files and demands payment in return for decrypting them. The Litar Ransomware leaves a file called _readme.txt on the infected system's desktop with instructions on how to pay the ransom.

How the Litar Ransomware Attack Works

The Litar Ransomware can be identified by the signature extension ".litar" it appends to infected files. The Litar Ransomware typically targets the following file extensions: .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref,...

Posted on July 1, 2019 in Ransomware

Silex

Infiltrating vulnerable machines and hijacking them to add to a botnet has been a modus operandi of cybercriminals for many years now. Most botnets consist of infected PCs. However, some cyber crooks take up a different approach. Instead of targeting computers, they would target IoT (Internet-of-Things) devices. These are all sorts of household machines, which can connect to the Internet and be considered ‘smart devices.’ The largest known botnet, which consists entirely of IoT devices, is called the Mirai botnet with over 2.5 million infected machines at its peak. There is a rather interesting case involving a piece of malware called the BrickerBot. Instead of using the infected IoT devices for some harmful campaign, the creator of the BrickerBot opted to render them unusable just to make a point. Their reasoning is that users do not...

Posted on June 28, 2019 in Malware

ViceLeaker

Cybersecurity experts have recently spotted a new Android malware called ViceLeaker. Most Android malware is programmed to target as many victims as possible. However, it appears that this is not the case with the ViceLeaker malware. The authors of this threat have concentrated their efforts on one specific region – the Middle East, namely Israel. It is safe to say that this is an espionage campaign launched against Israeli citizens by an unknown party. In the summer of 2018, a threat that closely resembles ViceLeaker popped up. It was called Triout and operated in a very similar manner to the ViceLeaker malware. However, the victims of the Triout malware were not targeted specifically, which is the biggest difference between the Triout and the ViceLeaker malware. The ViceLeaker malware has a very impressive list of...

Posted on June 28, 2019 in Malware

Freezing Ransomware

The Freezing Ransomware is a data-locking Trojan, which was recently spotted circulating the Internet and preying on users. Usually, ransomware threats are written in VB.NET, C, and C++. However, the Freezing Ransomware has been written as a PowerShell script. Malware experts have been unable to confirm what infection vector is used in propagating this threat. Some speculate that the authors of the Freezing Ransomware may be using the classic emails containing corrupted attachments, infected pirated software, and bogus application updates to spread their creation. The Freezing Ransomware will perform a scan, which will determine the locations of the files that will be encrypted later. Then, the Freezing Ransomware will trigger the encryption process. While the files are being locked, the Freezing Ransomware will add a ‘.Freezing’...

Posted on June 28, 2019 in Ransomware

Nusar Ransomware

Cybersecurity researchers have come across a new ransomware threat recently. This new data-encrypting Trojan is named Nusar Ransomware, and when dissected, it revealed that it is a variant of the infamous STOP Ransomware. It is not yet known how the authors of the Nusar Ransomware are spreading it. However, some believe that the propagation methods employed may include mass spam email campaigns, faux software updates, and infected pirated copies of legitimate applications. A scan will be performed as soon as the Nusar Ransomware manages to gain access to a computer. This is done to detect the locations of the files, which the Nusar Ransomware has been programmed to go after. To cause maximum damage, it is likely that the Nusar Ransomware targets all sorts of files – documents, audio and video files, pictures, databases, etc. When the...

Posted on June 28, 2019 in Ransomware

Paradigm Shift for Ransomware - Massive Payouts Coming from City Government Networks

Ransomware has been the most significant online threat for a few years now, hitting private users and small and large businesses alike. However, it seems that the bad actors behind various strains of ransomware are exploring new venues and looking for new ways to extort large sums of money from their victims. The latest worrying trend in ransomware is a very obvious shift towards attacks that target municipal and city government networks instead of businesses. 2019 saw a number of ransomware attacks that targeted city networks in the USA. Recent ransomware attacks that have taken the limelight include those identified as Cerber, Sodinokibi, Vesad Ransomware, and even the famous GandCrab threat. While some of the more popular threats may not be responsible for attacking city government networks, some of the same hackers that...

Posted on June 28, 2019 in Computer Security

ANEL

Stone Panda (also called ChessMaster and APT10) is a hacking group based in China. They normally target big companies and various foreign government institutions. The nature of their targets has led some to believe that the Stone Panda APT (Advanced Persistent Threat) may be funded by the Chinese government. Recently, two other threats by the Stone Panda group made the news – the RedLeaves RAT (Remote Access Trojan) and the ChChes RAT. Today, however, we will be describing a new hacking tool, which appears to be a part of the Stone Panda APT’s arsenal – the ANEL backdoor Trojan. The propagation method employed in spreading the ANEL Trojan is spear phishing emails. The emails have been crafted for the victims personally, which means that it is highly likely that the Stone Panda hacking group has been gathering information about their...

Posted on June 27, 2019 in Backdoors

Pteranodon

The Gamaredon hacking group is a well-known name in the world of cybercrime. This hacking group has been active since 2013 and is known for hijacking Ukrainian and Russian emails, hacking DNS providers and websites alike as a means of spreading their malware. At first, the Gamaredon group would buy pricey malware on hacking forums, which they would then modify and use, but they gradually began building their own hacking tools from scratch, like the Pteranodon Trojan. The group's toolkit now features several backdoors and RATs that use a modular structure and have been built from scratch. This not only provides them with the capacity to evade anti-virus software, but it also gives them a flexibility that could be used to extend their list of features in the future. The first campaign that included the Pteranodon backdoor was launched back...

Posted on June 27, 2019 in Malware

Popotic Ransomware

File-encryption Trojans continue to be the #1 trend among cybercriminals due to their fairly simple structure, and incredible efficiency. These hacking tools are meant to encrypt the contents of their victims' hard drive, and then offer them a deal – pay a specific amount of money in exchange for decryption software. Often, victims are left with no choice but to cooperate with the perpetrators, and they end up parting with hundreds of dollars to have a glimmer of hope that their data will be restored. This is the exact strategy that Popotic Ransomware's authors have adopted. This file-locker is likely to be spread via bogus email messages that usually ask the victim to download a file – either an email attachment or hosted on an external server. The files preferred by ransomware authors are: ZIP archives with a corrupted executable...

Posted on June 27, 2019 in Ransomware

Pzdc Ransomware

The Pzdc Ransomware is a recently spotted data-locking Trojan, which appears to be rather interesting. Unlike most ransomware threats, which target a very large variety of filetypes so as to cause maximum damage, the authors of the Pzdc Ransomware have taken a rather different approach. The Pzdc Ransomware only encrypts databases, which means that regular users will likely be unaffected, while businesses and various institutions will be the primary target of this file-encrypting Trojan. They even state that ‘we collect money only from rich people.’ It has not been confirmed what propagation method is being used to spread the Pzdc Ransomware, but keeping in mind that it mainly targets institutions and companies, it is likely that the authors of this threat are relying on phishing emails to propagate it. The Pzdc Ransomware will scan the...

Posted on June 27, 2019 in Ransomware

OSX/Linker

Apple users often believe in the misconception that Apple devices are impenetrable by malware. This false sense of security has made many Apple users very vulnerable to cyber attacks. This tendency has also encouraged cybercriminals to create all sorts of malware that targets machines running OSX exclusively. A vulnerability in the Gatekeeper security feature has garnered attention recently. This vulnerability would allow cybercriminals to use a specially crafted file to bypass Gatekeeper's check, which is meant to determine whether a file is safe or harmful, and get access to the targeted system. As yet, a patch that would fix the Gatekeeper tool's vulnerability has not been released. The hacking group that is responsible for another piece of malware targeting Apple devices, namely the...

Posted on June 26, 2019 in Malware

OSX/SurfBuyer

Most malware released globally is built to target devices that run Windows. This is due to the sheer number of machines that are Windows-based; no other operating system comes anywhere near. However, some malware creators take up more niche markets. This is the case with the authors of OSX/SurfBuyer. You might have derived from the name that this piece of software targets devices that run the OSX operating system. What makes Apple users a tasty target for shady actors online is that these users often falsely believe that their machines are practically impenetrable to malware and rarely take cybersecurity seriously. OSX/SurfBuyer is not a harmful application. It falls in the category of adware. Despite OSX/SurfBuyer not having any inherently unsafe behavior, this application will likely really irritate the user. The OSX/SurfBuyer...

Posted on June 26, 2019 in Adware

'decryptxxx@protonmail.com' Ransomware

The 'decryptxxx@protonmail.com' Ransomware is a recently uncovered data-locking Trojan. When cybersecurity researchers studied this threat, they found out that the 'decryptxxx@protonmail.com' Ransomware belongs to the Dharma Ransomware family. It cannot be confirmed what particular propagation methods the cyber crooks responsible for the 'decryptxxx@protonmail.com' Ransomware have used in spreading their threat. However, some malware experts speculate that the infection vectors may include spam emails containing corrupted attachments, bogus software updates and infected pirated applications. When the 'decryptxxx@protonmail.com' Ransomware lands on a system, it will perform a scan. This is done so that the 'decryptxxx@protonmail.com' Ransomware can locate all the files which it was programmed to target. Then, the encryption process...

Posted on June 26, 2019 in Ransomware

Craftul Ransomware

Malware experts have recently spotted a new data-locking Trojan. It is called the Craftul Ransomware and does not appear to be a variant of any of the popular ransomware threats. Cybersecurity researchers have been unable to confirm the exact infection vectors employed in spreading the Craftul Ransomware. Some believe that spam email campaigns, infected pirated software, and faux application updates may be among the propagation methods used by the authors of the Craftul Ransomware to spread their creation. If the users fall for the tricks of the Craftul Ransomware and give it access to their systems, this file-encrypting Trojan will immediately begin scanning the infiltrated machine. The goal of the scan is to determine the locations of the files which will be locked later. When the scan is completed, the Craftul...

Posted on June 26, 2019 in Ransomware

MobOk

Ever since smartphones became something that everyone has in their life, cybercriminals have been finding more and more ways to exploit this. Some plant cryptocurrency miners, others collect data, the shams and tactics are endless, but regardless of what the method is, the conclusion is the same – users need to take the security of their mobile devices seriously. Recently, a piece of malware targeting Android has been making the news, boasting over 10,000 infected devices. The malware in question is called the MobOk backdoor Trojan. The MobOk malware is being spread via two photo editing applications on the Google Play Store – ‘Pink Camera’ and ‘Pink Camera 2.’ The authors of the MobOk backdoor have made sure to make the applications spreading their threatening creation look legitimate. When a user downloads either one of the...

Posted on June 25, 2019 in Malware