2014, Analysis and Encryption - Information Management Today

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files. ” continues the analysis. ” concludes the report.

Encryption

Encryption Ransomware Cybersecurity Archiving

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. ” reads the analysis published by the experts. “The messages are encrypted using XOR “encryption” with a static key.”

Communications

Communications Encryption Cloud Security

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. ” continues the analysis. Mounting all the shared drives to encrypt.

Encryption

Encryption Ransomware Energy and Utilities File names

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

MARCH 18, 2019

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Military Education Communications

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption

Encryption Ransomware IT Phishing

Sodinokibi ransomware uses MS API to encrypt open and locked files

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption

Encryption Ransomware Cybersecurity Security

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

JULY 8, 2019

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. Technical Analysis. As expected, the malicious payload is stored in the resource section in encrypted way (probably using a simple XOR-encryption). Introduction.

File names

File names Encryption Archiving Phishing

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” reads the analysis published by Sophos. .

Ransomware

Ransomware Encryption File names Security

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

” reads the analysis published by ESET. To avoid detection of malicious functionalities, the authors encrypted all suspicious-looking strings with the Corrected Block TEA (XXTEA) cipher and then running Base64 encoding. “Interestingly, the password from the configuration file is stored encrypted. Pierluigi Paganini.

Metadata

Metadata Encryption File names Passwords

Experts warn of a new strain of ransomware, the PXJ Ransomware

Security Affairs

MARCH 16, 2020

The name PXJ ransomware comes from the file extension that it appends to encrypted files. ” reads the analysis post by IBM X-Force. . ” reads the analysis post by IBM X-Force. The PXJ ransomware uses both AES and RSA algorithms to encrypt the data, the technique is common to other threats.

Ransomware

Ransomware Encryption Communications IT

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The botnet uses the WSS (WebSocket over TLS) protocol for C2 communication to circumvent the typical Mirai traffic detection and provide secure encrypted communication for command and control. “Two zero days, 12 remote access functions for the router, encrypted traffic protocol, and infrastructure IP that that moves around. .

IoT

IoT Encryption Communications Access

Experts observed a spike in COVID-19 related malspam emails containing GuLoader

Security Affairs

MAY 23, 2020

In the last campaign observed by experts, the downloader utilizes cloud hosting services to keep the payload encrypted. “This malware downloader utilizes cloud hosting services like Microsoft OneDrive or Google Drive to keep its payload encrypted. ” reads the analysis. Pierluigi Paganini.

Encryption

Encryption Cloud Access Security

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. ”reads the analysis published by Microsoft. Dexphot makes heavy use of polymorphism and encryption to avoid detection, this means that it constantly changes its identifiable features. . msiexec.exe, unzip.exe, rundll32.exe,

File names

File names Encryption Mining Security

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” The JavaScript URL is hardcoded in the loader script in encrypted format, experts observed that the attackers can change the URL for each victim. Pierluigi Paganini.

e-Delivery

e-Delivery Encryption Passwords Authentication

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

Security Affairs

JUNE 22, 2020

” reads the analysis published by Juniper, “Previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and config as “.dat” The size of the image is more than 600KB and embedded in it is the encrypted IcedID main module. ” continues the analysis. “[The dat” files.

Encryption

Encryption IT Security Information Security

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

” reads the analysis published by Sophos. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. ” continues the analysis. . In these attacks, the encryption key used is the string “HELLO_USA_PRISIDENT.” Pierluigi Paganini.

File names

File names Encryption Libraries IT

Multi-platform Tycoon Ransomware employed in targeted attacks

Security Affairs

JUNE 5, 2020

” reads the analysis published by BlackBerry. Attackers timestamped files with date timestamps of 11th April 2020, 15:16:22: Upon establishing a foothold onto the target network, the attackers executed the Java ransomware module, which encrypted the files on connected servers. ”continues the analysis.

Ransomware

Ransomware Encryption Archiving Education

Underestimating the FONIX – Ransomware as a Service could be an error

Security Affairs

OCTOBER 11, 2020

“Notably, FONIX varies somewhat from many other current RaaS offerings in that it employs four methods of encryption for each file and has an overly-complex post-infection engagement cycle.” ” reads the analysis published by Sentinel Labs. ” continues the analysis. ” concludes the report.

Ransomware

Ransomware Encryption Compliance Communications

Z-LAB Report – Analyzing the GandCrab v5 ransomware

Security Affairs

OCTOBER 2, 2018

GandCrab operates like a classic ransomware, it encrypts all user files and drops some ransom notes on the infected machine. to allow the code to encrypt the files opened by these applications. Technical details, including IoCs and Yara Rules, are reported in the analysis shared by researchers at the ZLab. Pierluigi Paganini.

Ransomware

Ransomware Encryption Security IT

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

Upon execution, the executable will attempt to download several files from a remote web site, at the time of the analysis, only a few of them were available. The filename of the encrypted files will be changed to the attacker’s email address (i.e. ” reads the analysis published by BleepingComputer. jpg ‘).

Ransomware

Ransomware Passwords File names Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Encryption Privacy Security awareness

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

” continues the analysis. The binaries are stored encrypted and obfuscated too, with a slightly different format, the AES Initialization vector being stored within the core module binary instead of in the encrypted module files.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Communications IT Government

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

” reads the analysis published by ESET. To avoid detection of malicious functionalities, the authors encrypted all suspicious-looking strings with the Corrected Block TEA (XXTEA) cipher and then running Base64 encoding. “Interestingly, the password from the configuration file is stored encrypted. Pierluigi Paganini.

Metadata

Metadata Encryption File names Passwords

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

In malspam attacks, attackers could encrypt the Excel file by setting up a password, then when the victims receive the email, hackers trick them into opening the attachment using a password included in the content of the message. ” reads the analysis published by the experts. Pierluigi Paganini.

Passwords

Passwords Encryption Security IT

A new NAS Ransomware targets QNAP Devices

Security Affairs

JULY 11, 2019

The ransomware , tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali , is written in the Go programming language and uses AES encryption to encrypt files. encrypt extension to filenames of encrypted files. ” reads the analysis published by Intezer. onion websites.

Ransomware

Ransomware Encryption Manufacturing Security

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

JULY 4, 2019

Researchers published a technical analysis of the privilege escalation process that allows the threat to gain SYSTEM privileges. The body of each Sodin sample includes an encrypted configuration block that stores the settings and data used by the malware. ” continues the analysis. Pierluigi Paganini.

Ransomware

Ransomware Encryption Government IT

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

” reads the analysis published by Cybereason. The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.”

Financial Services

Financial Services Libraries Encryption Authentication

The Mystery of Fbot

Security Affairs

JANUARY 21, 2020

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. This article explains what we have learned about the Fbot traced back from the year of 2014. Pierluigi Paganini.

IoT

IoT Honeypots Encryption IT

New Coronavirus-themed attack uses fake WHO chief emails

Security Affairs

MARCH 21, 2020

“X-Force recent analysis identified a new HawkEye malware variant distributed in mails spoofing the World Health Organization. ” continues the analysis. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Archiving Encryption IT

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. And our analysis shows that this is a fully functional, covert and RAT program targeting both Windows and Linux platforms, and the samples share some key characters being used by Lazarus Group.”

CMS

CMS File names Encryption Access

New Virobot malware combines ransomware and botnet capabilities

Security Affairs

SEPTEMBER 23, 2018

Virobot encrypts files on infected machines and is also implements spam botnet abilities and leverages it target other systems. ” reads the analysis published by Trend Micro. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. Security Affairs – Virobot , malware ).

Ransomware

Ransomware Encryption Risk Security

Zeppelin Ransomware targets Tech and Health Companies

Security Affairs

DECEMBER 12, 2019

” reads the analysis published by Cylance. Task-killer — kill attacker-specified processes Auto-unlock — to unlock files that appear locked during encryption Melt — to inject self-deletion thread to notepad.exe UAC prompt — try running the ransomware with elevated privileges. ” reads the post published by Cylance.

Ransomware

Ransomware Encryption IT Security

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

AUGUST 15, 2020

The malware also implements ransomware behavior, it is able to encrypt files and display a ransom note. ” reads the analysis published by Trend Micro. The analysis of the C&C server revealed a list of 380 victim IP addresses, most of them in China (152) and India (103). Xcode developers are at risk. Pierluigi Paganini.

Ransomware

Ransomware Encryption Risk IT

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

DECEMBER 13, 2018

The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in 2014. “In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States, based on McAfee telemetry and our analysis.”

Encryption

Encryption Metadata Phishing Security

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

” reads the analysis published by Kaspersky. Kaspersky experts found a similar sample on Google Play, it implements high levels of encryption, furthermore, the malicious code was able to download and execute additional malicious payloads that would be suitable to the specific device environment (i.e Pierluigi Paganini.

Marketing

Marketing Encryption IT Cybersecurity

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The second stage installs itself and loads the third stage using an encrypted, hardcoded path. ” reads the analysis. ESET researchers pointed out that the authors have put significant effort into encryption in order to prevent the analysis of the DePriMon malware. Pierluigi Paganini.

Communications

Communications Encryption Education Authentication

A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns

Security Affairs

OCTOBER 13, 2019

. “Malicious ads redirect victims to sites showing popups peddling software updates, mainly Adobe Flash Player updates, that once executed will install first install the OSX/ Shlayer MacOS malware , which then execute the final payload, the OSX/Tarmac” reads the analysis. Pierluigi Paganini.

Encryption

Encryption Security IT Information Security

Google removes 17 Joker -infected apps from the Play Store

Security Affairs

SEPTEMBER 27, 2020

The analysis published by ZScaler includes details about the tactics used by the Joker malware author to bypass the Google Play vetting process. In this case, the stager payload URL encoded in the code itself was encrypted using Advanced Encryption Standard (AES). ” concludes the report. Pierluigi Paganini.

Encryption

Encryption Paper Security IT

North Korea-Linked Lazarus APT is behind the VHD ransomware

Security Affairs

JULY 28, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack , several SWIFT banking attacks since 2016, and the 2017 WannaCry ransomware infection. Pierluigi Paganini.

Ransomware

Ransomware Encryption Access Security

New variant of Konni RAT used in a campaign that targeted Russia

Security Affairs

AUGUST 29, 2021

The KONNI RAT was first spotted by Cisco Talos researchers in 2017, it has been undetected since 2014 and was employed in highly targeted attacks. ” reads the analysis published by Malwarebytes. Also, its configuration is encrypted and is not base64 encoded anymore. It also does not use FTP for exfiltration.

Encryption

Encryption IT Security Information Security

New NextCry Ransomware targets Nextcloud instances on Linux servers

Security Affairs

NOVEMBER 18, 2019

NextCry is a new ransomware that was spotted by researchers while encrypting data on Linux servers in the wild. T he name comes from the extensions the ransomware appends to the filenames of encrypted files. I realized immediately that my server got hacked and those files got encrypted.” ” said xact64.

Ransomware

Ransomware Encryption File names Security

Steganography in targeted attacks on industrial enterprises in Japan and Europe

Security Affairs

MAY 29, 2020

Attackers used PowerShell scripts, as well as various techniques to evade the detection and avoid the analysis of the malware. ” continues the analysis. “The data extracted from the image is consecutively encoded using the Base64 algorithm, encrypted with the RSA algorithm and encoded using Base64 again.

Phishing

Phishing Encryption Authentication IT

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

JANUARY 11, 2019

In this phase, the ransomware sends to the command and control server information on the encryption process, including a string that contains the Initialization Vector (IV) and a random password used by the ransomware to encrypt the files. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Encryption Passwords Libraries

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

Then they moved the conversation away from the platform to encrypted messaging apps like WhatsApp. ZINC cybercriminals are considered sophisticated attackers who made themselves known with an attack against Sony Pictures Entertainment in 2014. They used LinkedIn to connect with the victims and gain their trust. Highly Evasive Attack.

IT

IT Phishing Encryption Archiving

Snake Ransomware isolates infected Systems before encrypting files

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Trending Sources

Ragnar Ransomware encrypts files from virtual machines to evade detection

Webinars

GCHQ implements World War II cipher machines in encryption app CyberChef

DeathRansom ransomware evolves encrypting files, but experts identified its author

Sodinokibi ransomware uses MS API to encrypt open and locked files

Spotting RATs: Delphi wrapper makes the analysis harder

Maze ransomware uses Ragnar Locker virtual machine technique

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Experts warn of a new strain of ransomware, the PXJ Ransomware

New Ttint IoT botnet exploits two zero-days in Tenda routers

Experts observed a spike in COVID-19 related malspam emails containing GuLoader

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Visa warns of new sophisticated credit card skimmer dubbed Baka

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

New KilllSomeOne APT group leverages DLL side-loading

Multi-platform Tycoon Ransomware employed in targeted attacks

Underestimating the FONIX – Ransomware as a Service could be an error

Z-LAB Report – Analyzing the GandCrab v5 ransomware

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Unknown FinSpy Mac and Linux versions found in Egypt

CDRThief Linux malware steals VoIP metadata from Linux softswitches

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

A new NAS Ransomware targets QNAP Devices

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

EventBot, a new Android mobile targets financial institutions across Europe

The Mystery of Fbot

New Coronavirus-themed attack uses fake WHO chief emails

Dacls RAT, the first Lazarus malware that targets Linux devices

New Virobot malware combines ransomware and botnet capabilities

Zeppelin Ransomware targets Tech and Health Companies

XCSSET Mac spyware spreads via Xcode Projects

Operation Sharpshooter targets critical infrastructure and global defense

PhantomLance, a four-year-long cyberespionage spying campaign

DePriMon downloader uses a never seen installation technique

A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns

Google removes 17 Joker -infected apps from the Play Store

North Korea-Linked Lazarus APT is behind the VHD ransomware

New variant of Konni RAT used in a campaign that targeted Russia

New NextCry Ransomware targets Nextcloud instances on Linux servers

Steganography in targeted attacks on industrial enterprises in Japan and Europe

Victims of Pylocky ransomware can decrypt their files for free

ZINC Hackers Leverage Open-source Software to Lure IT Pros

Stay Connected