2015, Analysis and Encryption - Information Management Today

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files. ” continues the analysis. ” concludes the report.

Encryption

Encryption Ransomware Cybersecurity Archiving

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. ” reads the analysis published by the experts. “The messages are encrypted using XOR “encryption” with a static key.”

Communications

Communications Encryption Cloud Security

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. in) used by the attackers. Pierluigi Paganini.

Encryption

Encryption Authentication Access IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. ” continues the analysis. Mounting all the shared drives to encrypt.

Encryption

Encryption Ransomware Energy and Utilities File names

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

MARCH 18, 2019

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The GCHQ is inviting the community of developers to contribute to the improvement of the tool.

Encryption

Encryption Military Education Communications

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption

Encryption Ransomware IT Phishing

Experts developed a free decryptor for the Lorenz ransomware

Security Affairs

JUNE 29, 2021

Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. Lorenz sends the name of the infected system to a C2 before encrypting the file. Lorenz places a header before the encrypted file instead.

Ransomware

Ransomware Encryption Passwords Cybersecurity

Sodinokibi ransomware uses MS API to encrypt open and locked files

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption

Encryption Ransomware Cybersecurity Security

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

JULY 8, 2019

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. Technical Analysis. As expected, the malicious payload is stored in the resource section in encrypted way (probably using a simple XOR-encryption). Introduction.

File names

File names Encryption Archiving Phishing

ESET PROTECT Advanced Review: Features & Benefits

eSecurity Planet

OCTOBER 8, 2021

With a multi-layered approach to endpoint protection, the ESET PROTECT Advanced solution fits small to medium-sized businesses and offers advanced EPP capabilities, full disk encryption , and an automated sandbox for dynamic threat analysis. Full Disk Encryption. Read more: 19 Best Encryption Software & Tools of 2021.

Encryption

Encryption Cloud MDM Cybersecurity

Moobot botnet is back and targets vulnerable D-Link routers

Security Affairs

SEPTEMBER 7, 2022

” reads the analysis published by Unit 42. “As a variant, MooBot inherits Mirai’s most significant feature – a data section with embedded default login credentials and botnet configuration – but instead of using Mirai’s encryption key, 0xDEADBEEF, MooBot encrypts its data with 0x22.”

Encryption

Encryption Passwords Security IT

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” reads the analysis published by Sophos. .

Ransomware

Ransomware Encryption File names Security

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Encryption Privacy Security awareness

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

” reads the analysis published by ESET. To avoid detection of malicious functionalities, the authors encrypted all suspicious-looking strings with the Corrected Block TEA (XXTEA) cipher and then running Base64 encoding. “Interestingly, the password from the configuration file is stored encrypted.

Metadata

Metadata Encryption File names Passwords

Experts warn of a new strain of ransomware, the PXJ Ransomware

Security Affairs

MARCH 16, 2020

The name PXJ ransomware comes from the file extension that it appends to encrypted files. ” reads the analysis post by IBM X-Force. . ” reads the analysis post by IBM X-Force. The PXJ ransomware uses both AES and RSA algorithms to encrypt the data, the technique is common to other threats.

Ransomware

Ransomware Encryption Communications IT

Security Risks of Client-Side Scanning

Schneier on Security

OCTOBER 15, 2021

The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015.

Risk

Risk Paper Security Encryption

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The botnet uses the WSS (WebSocket over TLS) protocol for C2 communication to circumvent the typical Mirai traffic detection and provide secure encrypted communication for command and control. “Two zero days, 12 remote access functions for the router, encrypted traffic protocol, and infrastructure IP that that moves around. .

IoT

IoT Encryption Communications Access

Experts observed a spike in COVID-19 related malspam emails containing GuLoader

Security Affairs

MAY 23, 2020

In the last campaign observed by experts, the downloader utilizes cloud hosting services to keep the payload encrypted. “This malware downloader utilizes cloud hosting services like Microsoft OneDrive or Google Drive to keep its payload encrypted. ” reads the analysis. Pierluigi Paganini.

Encryption

Encryption Cloud Access Security

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. ”reads the analysis published by Microsoft. Dexphot makes heavy use of polymorphism and encryption to avoid detection, this means that it constantly changes its identifiable features. . msiexec.exe, unzip.exe, rundll32.exe,

File names

File names Encryption Mining Security

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” The JavaScript URL is hardcoded in the loader script in encrypted format, experts observed that the attackers can change the URL for each victim. Pierluigi Paganini.

e-Delivery

e-Delivery Encryption Passwords Authentication

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

Security Affairs

JUNE 22, 2020

” reads the analysis published by Juniper, “Previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and config as “.dat” The size of the image is more than 600KB and embedded in it is the encrypted IcedID main module. ” continues the analysis. “[The dat” files.

Encryption

Encryption IT Security Information Security

Multi-platform Tycoon Ransomware employed in targeted attacks

Security Affairs

JUNE 5, 2020

” reads the analysis published by BlackBerry. Attackers timestamped files with date timestamps of 11th April 2020, 15:16:22: Upon establishing a foothold onto the target network, the attackers executed the Java ransomware module, which encrypted the files on connected servers. ”continues the analysis.

Ransomware

Ransomware Encryption Archiving Education

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In 2015, global cyber crime had a cost of about $3 trillion, and the cost is expected to rise to $10.5 Ransomware. Ransomware is the fastest-growing trend.

Ransomware

Ransomware Cybersecurity Phishing Encryption

Z-LAB Report – Analyzing the GandCrab v5 ransomware

Security Affairs

OCTOBER 2, 2018

GandCrab operates like a classic ransomware, it encrypts all user files and drops some ransom notes on the infected machine. to allow the code to encrypt the files opened by these applications. Technical details, including IoCs and Yara Rules, are reported in the analysis shared by researchers at the ZLab.

Ransomware

Ransomware Encryption Security IT

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. And our analysis shows that this is a fully functional, covert and RAT program targeting both Windows and Linux platforms, and the samples share some key characters being used by Lazarus Group.”

CMS

CMS File names Encryption Access

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

” reads the analysis published by Sophos. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. ” continues the analysis. . In these attacks, the encryption key used is the string “HELLO_USA_PRISIDENT.”

File names

File names Encryption Libraries IT

Underestimating the FONIX – Ransomware as a Service could be an error

Security Affairs

OCTOBER 11, 2020

“Notably, FONIX varies somewhat from many other current RaaS offerings in that it employs four methods of encryption for each file and has an overly-complex post-infection engagement cycle.” ” reads the analysis published by Sentinel Labs. ” continues the analysis. ” concludes the report.

Ransomware

Ransomware Encryption Compliance Communications

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

Upon execution, the executable will attempt to download several files from a remote web site, at the time of the analysis, only a few of them were available. The filename of the encrypted files will be changed to the attacker’s email address (i.e. ” reads the analysis published by BleepingComputer. jpg ‘).

Ransomware

Ransomware Passwords File names Encryption

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

” reads the analysis published by ESET. To avoid detection of malicious functionalities, the authors encrypted all suspicious-looking strings with the Corrected Block TEA (XXTEA) cipher and then running Base64 encoding. “Interestingly, the password from the configuration file is stored encrypted.

Metadata

Metadata Encryption File names Passwords

A new NAS Ransomware targets QNAP Devices

Security Affairs

JULY 11, 2019

The ransomware , tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali , is written in the Go programming language and uses AES encryption to encrypt files. encrypt extension to filenames of encrypted files. ” reads the analysis published by Intezer. onion websites.

Ransomware

Ransomware Encryption Manufacturing Security

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

” continues the analysis. The binaries are stored encrypted and obfuscated too, with a slightly different format, the AES Initialization vector being stored within the core module binary instead of in the encrypted module files.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Communications IT Government

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

In malspam attacks, attackers could encrypt the Excel file by setting up a password, then when the victims receive the email, hackers trick them into opening the attachment using a password included in the content of the message. ” reads the analysis published by the experts. Pierluigi Paganini.

Passwords

Passwords Encryption Security IT

The Mystery of Fbot

Security Affairs

JANUARY 21, 2020

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Honeypots Encryption IT

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

JULY 4, 2019

Researchers published a technical analysis of the privilege escalation process that allows the threat to gain SYSTEM privileges. The body of each Sodin sample includes an encrypted configuration block that stores the settings and data used by the malware. ” continues the analysis.

Ransomware

Ransomware Encryption Government IT

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

DECEMBER 13, 2018

. “In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States, based on McAfee telemetry and our analysis.” ” reads the analysis published by McAfee. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Metadata Phishing Security

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

” reads the analysis published by Cybereason. The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.”

Financial Services

Financial Services Libraries Encryption Authentication

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

The malware was an info stealer and according to the researchers, it was part of a long-term campaign, tracked as “PhantomLance” that has been active at least since December 2015. ” reads the analysis published by Kaspersky. ” continues the analysis. Android version, installed apps). .

Marketing

Marketing Encryption IT Cybersecurity

New Virobot malware combines ransomware and botnet capabilities

Security Affairs

SEPTEMBER 23, 2018

Virobot encrypts files on infected machines and is also implements spam botnet abilities and leverages it target other systems. ” reads the analysis published by Trend Micro. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. Security Affairs – Virobot , malware ).

Ransomware

Ransomware Encryption Risk Security

Zeppelin Ransomware targets Tech and Health Companies

Security Affairs

DECEMBER 12, 2019

” reads the analysis published by Cylance. Task-killer — kill attacker-specified processes Auto-unlock — to unlock files that appear locked during encryption Melt — to inject self-deletion thread to notepad.exe UAC prompt — try running the ransomware with elevated privileges. ” reads the post published by Cylance.

Ransomware

Ransomware Encryption IT Security

New Coronavirus-themed attack uses fake WHO chief emails

Security Affairs

MARCH 21, 2020

“X-Force recent analysis identified a new HawkEye malware variant distributed in mails spoofing the World Health Organization. ” continues the analysis. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” The decoded payload is a.NET executable file ReZer0V2.exe

Phishing

Phishing Archiving Encryption IT

Experts linked multiple ransomware strains North Korea-backed APT38 group

Security Affairs

MAY 4, 2022

A Mandiant’s report attributed the string of attacks against the SWIFT banking system to the APT38, including the hack of Vietnam’s TP Bank in 2015, Bangladesh’s central bank in 2016, Taiwan’s Far Eastern International in 2017, Bancomext in Mexico in 2018, and Banco de Chile in 2018. ” reads the analysis published by Trellix.

Ransomware

Ransomware Encryption Cybersecurity Security

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The second stage installs itself and loads the third stage using an encrypted, hardcoded path. ” reads the analysis. ESET researchers pointed out that the authors have put significant effort into encryption in order to prevent the analysis of the DePriMon malware. Pierluigi Paganini.

Communications

Communications Encryption Education Authentication

A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns

Security Affairs

OCTOBER 13, 2019

. “Malicious ads redirect victims to sites showing popups peddling software updates, mainly Adobe Flash Player updates, that once executed will install first install the OSX/ Shlayer MacOS malware , which then execute the final payload, the OSX/Tarmac” reads the analysis.

Encryption

Encryption Security IT Information Security

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

AUGUST 15, 2020

The malware also implements ransomware behavior, it is able to encrypt files and display a ransom note. ” reads the analysis published by Trend Micro. The analysis of the C&C server revealed a list of 380 victim IP addresses, most of them in China (152) and India (103). Xcode developers are at risk. Pierluigi Paganini.

Ransomware

Ransomware Encryption Risk IT

Snake Ransomware isolates infected Systems before encrypting files

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Trending Sources

GravityRAT returns disguised as an end-to-end encrypted chat app

Webinars

Ragnar Ransomware encrypts files from virtual machines to evade detection

GCHQ implements World War II cipher machines in encryption app CyberChef

DeathRansom ransomware evolves encrypting files, but experts identified its author

Experts developed a free decryptor for the Lorenz ransomware

Sodinokibi ransomware uses MS API to encrypt open and locked files

Spotting RATs: Delphi wrapper makes the analysis harder

ESET PROTECT Advanced Review: Features & Benefits

Moobot botnet is back and targets vulnerable D-Link routers

Maze ransomware uses Ragnar Locker virtual machine technique

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Experts warn of a new strain of ransomware, the PXJ Ransomware

Security Risks of Client-Side Scanning

New Ttint IoT botnet exploits two zero-days in Tenda routers

Experts observed a spike in COVID-19 related malspam emails containing GuLoader

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Visa warns of new sophisticated credit card skimmer dubbed Baka

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

Multi-platform Tycoon Ransomware employed in targeted attacks

What is a Cyberattack? Types and Defenses

Z-LAB Report – Analyzing the GandCrab v5 ransomware

Dacls RAT, the first Lazarus malware that targets Linux devices

New KilllSomeOne APT group leverages DLL side-loading

Underestimating the FONIX – Ransomware as a Service could be an error

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

CDRThief Linux malware steals VoIP metadata from Linux softswitches

A new NAS Ransomware targets QNAP Devices

Unknown FinSpy Mac and Linux versions found in Egypt

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

The Mystery of Fbot

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Operation Sharpshooter targets critical infrastructure and global defense

EventBot, a new Android mobile targets financial institutions across Europe

PhantomLance, a four-year-long cyberespionage spying campaign

New Virobot malware combines ransomware and botnet capabilities

Zeppelin Ransomware targets Tech and Health Companies

New Coronavirus-themed attack uses fake WHO chief emails

Experts linked multiple ransomware strains North Korea-backed APT38 group

DePriMon downloader uses a never seen installation technique

A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns

XCSSET Mac spyware spreads via Xcode Projects

Stay Connected