The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware's operators might soon start holding victims for ransom if infected targets don't appear to be e-banking users.
Purdue University scientists have developed a data protection technique called Reactive Redundancy for Data Destruction (R2D2) that can protect data sitting inside a virtual machine from modern data-wiping malware and even some secure file deletion methods.
Polish law enforcement announced on Friday the arrest of Tomasz T., a well-known cyber-criminal believed to be the author of the Polski, Vortex, and Flotera ransomware strains.
A new ransomware was discovered this week called Zenis Ransomware. While it is currently unknown how Zenis is being distributed, multiple victims have already become infected with this ransomware. What is most disturbing about Zenis is that it not encrypts your files, but also purposely deletes your backups.
The United States has imposed sanctions against Russian entities for the NotPetya ransomware outbreak, cyber-attacks on the US power grid, and their attempts to influence the 2016 US presidential election process.
In the land of IT security, there is no better source for malware statistics than Microsoft, the company that has an antivirus engine running on almost all recent Windows operating systems.
TodayÂ one of our volunteers, Aura, told me about a new new malspamÂ campaign pretending to be from Craigslist that is under way and distributing the Sigma Ransomware. These spam emails contain password protected Word or RTF documents that download the Sigma Ransomware executable from a remote site and install it on a recipients comput
Just two botnets accounted for 97% of all spam emails in the last three months of 2017, according to a McAfee report released earlier today.
It has been a pretty slow ransomware week as most of the malware developers have started pushing cryptominers. We did see the continued distribution of the GnuPGÂ based Qwerty Ransomware and a new variant of the GandCrab ransomwareÂ that makes it secure again.
A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption programÂ to encrypt a victim's files.Â Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted file's name.
A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand.
GandCrabÂ version 2 was released, which contains changes that supposedly make it more secure & allow us to differentiate it from the original version. In this article we will provide a quick overview as to what has changed & how you can identify that you are are infected with the new GandCrab version.
This week's article combines the previous week's stories as well.Â Lots of small in-dev ransomware over the last two weeks, but also a few RaaS (Ransomware as a Service) implementations were released and decryptor for GandCrab was released.
Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom.
The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player âthe RIG exploit kitâ has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers).
Ransomware developers continue to release infections that are clearly not tested well and contain bugs that may make it difficult, if not impossible, for victims to recover their files. Such is the case with the new in the wild ransomware called Thanatos that has been discovered by security research MalwareHunterTeam.
Two days after crooks started advertising the Data Keeper Ransomware-as-a-Service (RaaS) on the Dark Web, ransomware strains generated on this portal have already been spotted in the wild, infecting the computers of real-world users.
The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21.
Today a reader sent me info regarding the LockCrypt RansomwareÂ still being actively distributed over hacked remote desktop services. This variant, when installed, will encrypt a victim's files and then append the .1btc extension to encrypted file names.