A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. Pierluigi Paganini.

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files; the trick allows it to evade detection by security software. Mounting all the shared drives to encrypt.

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Security Affairs

The apps can collect information about the user’s contacts, including IDs, nicknames, names, and phone numbers. The analysis of the code revealed that most packages of the trojanized version of Telegram look the same as the standard ones. The collected information is then encrypted and cached into a temporary file named tgsync.s3.

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first pieces of malware detected in public attacks that encrypted hard drives rather than files.

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

DeathRansom was considered fake ransomware because it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ru website. Pierluigi Paganini.

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Security Affairs

In August 2021, IBM X-Force researchers conducted a new analysis of an old variant of the threat that, unlike the one analyzed by Fortinet experts, appears to be a development version used for testing purposes. The analysis conducted by IBM X-Force researchers reinforced the link between Diavol ransomware and the TrickBot malware.

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

Experts observed an increase in malware spreading using lesser-known archive types as droppers, in particular ISO images. Delphi wrapper makes analysis harder. Technical Analysis. Extracting the content of the ISO image, we encounter an EXE file named “po-ima0948436.exe”. Encrypted payload, stored in Resource section.