by CIRT Team
New Ransomware That Encrypts Only EXE Files on Windows Machines [source: gbhackers]
A new ransomware that encrypts only EXE files present in your computer including the ones presented in the windows folder, which typically other ransomware won’t do to ensure the operating system function correctly. It was first tweeted by MalwareHunterTeam and it has the title as Barack Obama’s Everlasting Blue Blackmail Virus Ransomware, according to its file properties. It is unknown how the attackers distributing the...
Read More
by CIRT Team
DATA RECOVERY AFTER RANSOMWARE THAT ENCRYPTS FILES [source: digitalforensics]
The problem of data recovery after ransomware that encrypts files has increased, with more and more cases recently. Help in these cases is not a trivial task. Let’s consider some sides of this problem. Ransomware usually encrypts the most-used data such as photos, videos, office files, databases, etс. Ransomwares can give different extensions to encrypted data; they are considered as a same mechanism that uses...
Read More
by CIRT Team
Qihoo 360’s precise analysis of ransomware for August [source: 360totalsecurity]
Ransomware has posed a serious threat to the data security of enterprises and individuals. Fortunately, 360 Internet Security Center has detected and defensed ransomware immediately. According to the feedback from our users, we found that the number of our users attacked by ransomware shows a slight upward trend in August. Also, the highest number of single-day interceptions for weak passwords reached more than 6 million...
Read More
by CIRT Team
Windows Management Interface Command Tool to Deliver Malware [source: gbhackers]
Cybercriminals are continuing to innovate and use legitimate tools to deliver the malicious file, with this new campaign attacker used WMIC (Windows Management Interface Command) to deliver the information-stealing malware. WMIC is a command line interface that allows users to run WMI operations, which used to get the status of the local or remote computer systems. The use of legitimate tools allows threat actors to fly...
Read More
by CIRT Team
GlobeImposter which has more than 20 variants, is still wildly growing [source: 360totalsecurity]
Recently, 360 Security Team found the new variant of GlobeImposter ransomware family is actively spreading worldwide that has affected the great number of users. Moreover, the attack is expected to be more serious in the future. GlobeImposter can be seen as one of the most powerful ransomware in these years. It uses a high-intensity algorithm for encryption. Once the files are encrypted, it is almost...
Read More
by CIRT Team
Ransomware disguised as Windows Activator is emerging in the wild [source: 360totalsecurity]
Windows Activator has been a popular tool for attackers to spread Trojan viruses. Recently, 360 Security Center found a new kind of ransomware, which was spread by disguising as a Windows Activator. Through our precise analysis, we found this ransomware has a hidden configuration function, which can view and modify the key and prompt information used for encryption, and also obtain key decryption through this...
Read More
by CIRT Team
Confessions of a former hacker: 5 techniques to make you more secure online [source: yahoo]
Consumers are daily targets of email and phone scams, not to mention the frequent cyberattacks on big data. So it’s never been more important to safelock your online security as best as you can. “The scams are changing everyday and consumers aren’t knowledgeable about the new scams that are going to be used against them,” says Kevin Mitnick, top cybersecurity expert and author of “The Art of...
Read More
by CIRT Team
Turla backdoor leverages email PDF attachments as C&C mechanism [source: securityaffairs]
Malware researchers from ESET have published a detailed report on the latest variant of the Turla backdoor that leverages email PDF attachments as C&C. Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. Turla is the name of a Russian cyber espionage...
Read More
by CIRT Team
Bitdefender spotted Triout, a new powerful Android Spyware Framework [source: securityaffairs]
Security researchers from Bitdefender have spotted a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities. Bitdefender researchers have identified a new spyware framework can be used to spy into Android applications, it is tracked as Triout and first appeared in the wild on May 15. The researcher revealed that the command and control (C&C) server has been running since May 2018...
Read More
by CIRT Team
BitPaymer ransomware attack may cost the PGA more than 335,500 USD [source: 360totalsecurity]
After hackers attack companies, government, agencies and hospitals, they have begun to use BitPaymer ransomware to attack the PGA of America. According to GolfWeek, the computers in the PGA’s office were infected with ransomware. When the ransom notes and the related information appeared on their computer screens on Tuesday, they realized they were attacked. Here is the information on the ransom note: “Your network has...
Read More
