Analysis, Encryption, File names and Government

Analysis

Encryption

File names

Government

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks.

Ransomware

Ransomware Encryption File names Passwords

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. ” reads the analysis published by Symantec. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content.

File names

File names Encryption Manufacturing Libraries

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Trending Sources

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. ” reads the analysis published by TrendMicro.

Ransomware

Ransomware Encryption File names Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

Upon execution, the downloader will check against a blacklist of malware analysis tools by checking for running processes’ specific names (i.e. “Graphiron uses AES encryption with hardcoded keys. It creates temporary files with the “ lock” and “ trash” extensions.

File names

File names Passwords Phishing Encryption

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware

Ransomware Phishing File names Encryption

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

AUGUST 20, 2018

During the analysis time, only really few Antivirus (6 out of 60) were able to “detect” the sample. In this stage the JavaScript is loading an encrypted content from the original JAR, using a KEY decrypts such a content and finally loads it (Dynamic Class Loader) on memory in order to fire it up as a new Java code.

Computer and Electronics

Computer and Electronics Encryption Security File names

What is Ransomware? Everything You Should Know

eSecurity Planet

APRIL 6, 2023

Ransomware is a type of malicious program, or malware, that encrypts files, documents and images on a computer or server so that users cannot access the data. These keys are available to the attacker, and the encryption can only be decrypted using a private key. How Does Ransomware Work?

Ransomware

Ransomware Encryption Cybersecurity Risk

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

A March 2020 software update of the SolarWinds Orion management platform gave malicious actors unhindered access to key government and enterprise networks. Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload.

Cybersecurity

Cybersecurity Access Authentication Cloud

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain. zipEncrypted: r?

Communications

Communications Cloud Phishing Encryption

Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Security Affairs

AUGUST 31, 2018

Today I’d like to share a full path analysis including a KickBack attack which took me to gain full access to an entire Ursniff/Gozi botnet. My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” SEAAppDataLocalTemp/rEOuvWkRP.exe.

Computer and Electronics

Computer and Electronics File names Security Access

Information Management Today

FBI published a flash alert on Mamba Ransomware attacks

China-linked APT41 group targets Hong Kong with Spyder Loader

Webinars

Trending Sources

New Linux Ransomware BlackSuit is similar to Royal ransomware

Webinars

New Graphiron info-stealer used in attacks against Ukraine

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Malware researcher reverse engineered a threat that went undetected for at least 2 years

What is Ransomware? Everything You Should Know

Guarding Against Solorigate TTPs

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Stay Connected