It was a very slow week for ransomware, which is a great thing. Hopefully it will stay that way. The biggest news is the POC ransomware targeting ICS/SCADA that was demonstrated at RSA this week and the live stream by Fabian Wosar of him reversing and cracking a new ransomware called Hermes.
Today Fabian Wosar decided to live stream his analysis of the new Hermes Ransomware. It was a pleasant surprise when it was discovered that the ransomware could be decrypted, and Fabian quickly demonstrated how to generate a key and create a decryptor. This article contains further technical analysis of the Hermes ransomware.
A variant of the Cerber ransomware spotted in the wild in the past month contains a function that searches for locally-installed security products and avoids encrypting their files, so firewalls, antivirus or antispyware products can continue working even after Cerber has locked the computer.
Out of the 62 ransomware families found active in 2016, security firm Kaspersky Lab says that 47 of these strains contained artifacts that allowed attribution to Russian-speaking criminals.
Researchers from the Georgia Institute of Technology (GIT) have created a proof-of-concept ransomware strain that can alter programmable logic controller (PLC) parameters. The research team presented their work yesterday, at the RSA cyber-security conference in San Francisco.
An ultranationalist developer from Serbia is behind a series of malware strains, including a new ransomware family named SerbRansom, discovered yesterday by security researcher MalwareHunter.
It is another week and more ransomware to alert everyone about. The biggest news this week is the release of Serpent Ransomware, which is a new version of the Wildfire Ransomware, and the continuing rise of Spora as a major player in the ransomware threat landscape.
Since September 2016, a criminal group has been using different versions of the Crysis ransomware to infect enterprise networks that they previously gained access to by brute-forcing workstations with open RDP ports.
A new ransomware called DynA-Crypt was discovered by GData malware analyst Karsten Hahn that not only encrypts your data, but also tries to steal a ton of information from a victim's computer. Ransomware and information-stealing infections have become all too common, but when you combine the two into the complete mess called DynA-Crypt.
A new ransomware called Serpent Ransomware has been discovered that appears to be a new variant of the Hades Locker and Wildfire infections. This article provides a brief summary of how the ransomware is distributed and a detailed description of how it encrypts a computer.
A ransomware called Erebus has been discovered that utilizes a UAC bypass, encrypts file name extensions using ROT-23, and has a low ransom amount of ~$90 USD.
The infamous Lockdroid ransomware has gained a new feature, a banality among desktop malware, but a never-before-seen trick for Android ransomware.