Freezing Ransomware

The Freezing Ransomware is a data-locking Trojan, which was spotted circulating the Internet and preying on users recently. Usually, ransomware threats are written in VB.NET, C, and C++. However, the Freezing Ransomware has been written in PowerShell script. Malware experts have been unable to confirm what infection vector is used in propagating this threat. Some speculate that the authors of the Freezing Ransomware may be using the classic emails containing corrupted attachments, infected pirated software, and bogus application updates to spread their creation. The Freezing Ransomware will perform a scan, which will determine the locations of the files that will be encrypted later. Then, the Freezing Ransomware will trigger the encryption process. While the files are being locked, the Freezing Ransomware will add a ‘.Freezing’...

Posted on June 28, 2019 in Ransomware

Nusar Ransomware

Cybersecurity researchers have come across a new ransomware threat recently. This new data-encrypting Trojan is named Nusar Ransomware, and when dissected, it revealed that it is a variant of the infamous STOP Ransomware. It is not yet known how the authors of the Nusar Ransomware are spreading it. However, some believe that the propagation methods employed may include mass spam email campaigns, faux software updates, and infected pirated copies of legitimate applications. A scan will be performed as soon as the Nusar Ransomware manages to gain access to a computer. This is done to detect the locations of the files, which the Nusar Ransomware has been programmed to go after. To cause maximum damage, it is likely that the Nusar Ransomware targets all sorts of files – documents, audio and video files, pictures, databases, etc. When the...

Posted on June 28, 2019 in Ransomware

Paradigm Shift for Ransomware - Massive Payouts Coming from City Government Networks

Ransomware has been the most significant online threat for a few years now, hitting private users, small and large businesses alike. However, it seems that the bad actors behind various strains of ransomware are exploring new avenues and looking for new ways to extort large sums of money from their victims. The latest worrying trend in ransomware is a very obvious shift towards attacks that target municipal and city government networks instead of businesses. 2019 saw a number of ransomware attacks that targeted city networks in the USA. Numerous recent ransomware attacks have taken the limelight, including those identified as Cerber, Sodinokibi, the Vesad Ransomware, and even the famous GandCrab threat. While some of the more popular threats may not be responsible for attacking city government networks, some of the same hackers that...

Posted on June 28, 2019 in Computer Security

ANEL

Stone Panda (also called ChessMaster and APT10) is a hacking group based in China. They normally target big companies and various foreign government institutions. The nature of their targets has led some to believe that the Stone Panda APT (Advanced Persistent Threat) may be funded by the Chinese government. Recently, two other threats by the Stone Panda group made the news – the RedLeaves RAT (Remote Access Trojan) and the ChChes RAT. Today, however, we will be describing a new hacking tool, which appears to be a part of the Stone Panda APT’s arsenal – the ANEL backdoor Trojan. The propagation method employed in spreading the ANEL Trojan is spear phishing emails. The emails have been crafted for the victims personally, which means that it is highly likely that the Stone Panda hacking group has been gathering information about their...

Posted on June 27, 2019 in Backdoors

Pteranodon

The Gamaredon hacking group is a well-known name in the world of cybercrime. This hacking group has been active since 2013 and is known for hijacking Ukrainian and Russian emails, and for hacking DNS providers and websites alike, as a means of spreading its malware. At first, the Gamaredon group would buy pricey malware on hacking forums, which they would then modify and use, but they gradually began building their own hacking tools from scratch, such as the Pteranodon Trojan. The group's toolkit now features several backdoors and RATs that use a modular structure and have been built from scratch. This not only provides them with the capacity to evade anti-virus software, but it also gives them flexibility that could be used to extend their list of features in the future. The first campaign that included the Pteranodon backdoor was launched back...

Posted on June 27, 2019 in Malware

Popotic Ransomware

File-encryption Trojans continue to be the #1 trend among cybercriminals due to their fairly simple structure and incredible efficiency. These hacking tools are meant to encrypt the contents of their victims' hard drives, and then offer them a deal – pay a specific amount of money in exchange for decryption software. Often, victims are left with no choice but to cooperate with the perpetrators, and they end up parting with hundreds of dollars to have a glimmer of hope that their data will be restored. This is the exact strategy that Popotic Ransomware's authors have adopted. This file-locker is likely to be spread via bogus email messages that usually ask the victim to download a file – either as an email attachment or as a file hosted on an external server. The files preferred by ransomware authors are: ZIP archives with a corrupted executable...

Posted on June 27, 2019 in Ransomware

Pzdc Ransomware

The Pzdc Ransomware is a recently spotted data-locking Trojan, which appears to be rather interesting. Unlike most ransomware threats, which target a very large variety of file types so as to cause maximum damage, the authors of the Pzdc Ransomware have taken a rather different approach. The Pzdc Ransomware only encrypts databases, which means that regular users will likely be unaffected, while businesses and various institutions will be the primary target of this file-encrypting Trojan. The authors even state that ‘we collect money only from rich people.’ It has not been confirmed what propagation method is being used to spread the Pzdc Ransomware, but keeping in mind that it mainly targets institutions and companies, it is likely that the authors of this threat are relying on phishing emails to propagate it. The Pzdc Ransomware will scan the...

Posted on June 27, 2019 in Ransomware

OSX/Linker

Apple users often believe in the misconception that Apple devices are impervious to malware. This false sense of security has made many Apple users very vulnerable to cyber attacks. This tendency also has encouraged cybercriminals to create all sorts of malware that targets machines running OSX exclusively. A vulnerability in the Gatekeeper security feature has garnered attention recently. This vulnerability would allow cybercriminals to use a specially crafted file to bypass Gatekeeper's check, which is meant to determine whether a file is safe or harmful, and get access to the targeted system. As of yet, no patch has been released that would fix the Gatekeeper tool's vulnerability. The hacking group that is responsible for another piece of malware targeting Apple devices, namely the...

Posted on June 26, 2019 in Malware

OSX/SurfBuyer

Most malware released globally is built to target devices that run Windows. This is due to the sheer number of machines that are Windows-based; no other operating system comes anywhere near. However, some malware creators take up more niche markets. This is the case of the authors of the OSX/SurfBuyer. You might have derived from the name that this piece of software targets devices that run the OSX operating system. What makes Apple users a tasty target for shady actors online is that these users often falsely believe that their machines are practically impenetrable to malware and rarely take cybersecurity seriously. OSX/SurfBuyer is not a harmful application. It falls in the category of adware. Despite the OSX/SurfBuyer not having any inherently unsafe behavior, this application will likely be a real irritant to the user. The OSX/SurfBuyer...

Posted on June 26, 2019 in Adware

'decryptxxx@protonmail.com' Ransomware

The 'decryptxxx@protonmail.com' Ransomware is a recently uncovered data-locking Trojan. When cybersecurity researchers studied this threat, they found out that the 'decryptxxx@protonmail.com' Ransomware belongs to the Dharma Ransomware family. It cannot be confirmed what particular propagation methods the cyber crooks responsible for the 'decryptxxx@protonmail.com' Ransomware have used in spreading their threat. However, some malware experts speculate that the infection vectors may include spam emails containing corrupted attachments, bogus software updates and infected pirated applications. When the 'decryptxxx@protonmail.com' Ransomware lands on a system, it will perform a scan. This is done so that the 'decryptxxx@protonmail.com' Ransomware can locate all the files, which it was programmed to target. Then, the encryption process...

Posted on June 26, 2019 in Ransomware

Craftul Ransomware

Malware experts have spotted a new data-locking Trojan recently. It is called the Craftul Ransomware and does not appear to be a variant of any of the popular ransomware threats. Cybersecurity researchers have been unable to confirm what exact infection vectors are employed in spreading the Craftul Ransomware. Some believe that spam email campaigns, infected pirated software, and faux application updates may be among the propagation methods used by the authors of the Craftul Ransomware to spread their creation. If users fall for the tricks of the Craftul Ransomware and give it access to their systems, this file-encrypting Trojan will begin scanning the infiltrated machine immediately. The goal of the scan is to determine the locations of the files, which will be locked later. When the scan is completed, the Craftul...

Posted on June 26, 2019 in Ransomware

MobOk

Ever since smartphones became something that everyone has in their life, cybercriminals have been finding more and more ways to exploit this. Some plant cryptocurrency miners, others collect data, the shams and tactics are endless, but regardless of what the method is, the conclusion is the same – users need to take the security of their mobile devices seriously. Recently, a piece of malware targeting Android has been making the news, boasting over 10,000 infected devices. The malware in question is called the MobOk backdoor Trojan. The MobOk malware is being spread via two photo editing applications on the Google Play Store – ‘Pink Camera’ and ‘Pink Camera 2.’ The authors of the MobOk backdoor have made sure to make the applications spreading their threatening creation look legitimate. When a user downloads either one of the...

Posted on June 25, 2019 in Malware

ChChes

Stone Panda is an APT (Advanced Persistent Threat) that is believed to originate from China. Due to the nature of their targets, often big corporations and government bodies, many speculate that the Stone Panda APT may be funded by the Chinese Government. They have launched several attacks against businesses based in Japan, with the first one registered back in 2014. Often, the Stone Panda hacking group would employ the Poison Ivy RAT (Remote Access Trojan) and the PlugX RAT – hacking tools that are not a product of the Stone Panda APT, but which the group likes to borrow. Recently, there was yet another attack launched against a Japanese company in the pharmaceutical industry. In this most recent attack, it became apparent that the Stone Panda APT has developed its own unique hacking tool – the ChChes backdoor Trojan. What led...

Posted on June 25, 2019 in Malware

TROLL Ransomware

A new ransomware threat has been circulating the Web recently. It is called TROLL Ransomware and does not seem to be a variant of any of the popular ransomware threats. Malware experts have not been able to conclude how the TROLL Ransomware is being propagated. Some speculate that the infection vectors employed in the spreading of the TROLL Ransomware may be the ones we all know too well – bogus software updates, infected pirated copies of popular software, and spam email campaigns with infected attachments. When the TROLL Ransomware successfully gains access to a targeted system, it will scan the files present on the machine. Then, the TROLL Ransomware will determine the locations of the files which it was programmed to go after. The next step of the attack is the encryption process. When the TROLL Ransomware locks a file, it alters...

Posted on June 25, 2019 in Ransomware

WALAN Ransomware

The WALAN Ransomware is a data-locking Trojan that has recently surfaced on the Internet. When cybersecurity experts dissected the WALAN Ransomware, there were no indications that this threat belongs to any of the popular ransomware families. It is not known with certainty what infection vectors are being used to propagate the WALAN Ransomware. However, some speculate that the authors of the WALAN Ransomware may be employing spam email campaigns, faux application updates, and corrupted pirated software as a means of spreading their creation. If the user falls for the trickery of the WALAN Ransomware, they will grant the file-encrypting Trojan access to their system. Once the WALAN Ransomware infiltrates the PC, it will start scrutinizing it. The purpose of the scan is to locate the files, which will later be encrypted....

Posted on June 25, 2019 in Ransomware