-
Necurs Malware Will Now Take a Screenshot of Your Screen, Report Runtime Errors
Malware families evolve on a daily basis, but some updates catch your eye more than others. Necurs has just gone through one of these "interesting" updates, according to US security firm Symantec.
- October 17, 2017
- 07:00 PM
0
-
The Week in Ransomware - October 13th 2017 - DoubleLocker, Locky, and More
Like usual, this week has been dominated mostly by small variants that most likely will never make it into distribute. We did, though, see a new CryptoMix and Locky variant released, that are actively distributed. The biggest news was the discovery of a new Android ransomware called DoubleLocker.
- October 13, 2017
- 06:03 PM
1
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Locky Ransomware Switches to the Asasin Extension via Broken Spam Campaigns
Today a new Locky Ransomware variant was released that now uses the .asasin extension for encrypted files. Personally, I thought the previous extension, ykcol, was more clever, while this one seriously needs a spell checker. Thankfully, the current distribution for this variant is broken due to malformed spam campaign.
- October 10, 2017
- 08:00 PM
- 3
-
Locky Ransomware Authors Are Big Game of Thrones Fans
Here's one group of fans George R. R. Martin may not want on the Game of Thrones bandwagon — the authors of the Locky ransomware.
- September 23, 2017
- 02:00 AM
- 2
-
The Week in Ransomware - September 22nd 2017 - Locky, Sex Sells, and More
The big news this week is a new variant of the Locky ransomware and its distributors continuing to use massive spam campaigns to distribute it. In other news, we had some small variants that will never make it into distribution or are jokes, but have an interesting "twist" to them.
- September 22, 2017
- 06:02 PM
- 2
-
Multiple Spam Waves Detected Pushing New Locky Ransomware Version
Reports are coming in from multiple security researchers and security firms about increased activity from one of the groups spreading the Locky ransomware.
- September 22, 2017
- 10:30 AM
- 3
-
Locky Ransomware Switches to the Ykcol Extension for Encrypted Files
Today a new Locky Ransomware variant was discovered by Stormshield malware analyst coldshell that switches to the .ykcol extension for encrypted files. It is important to note that if you are infected with this ransomware, you are not infected with the Ykcol Ransomware, but rather Locky.
- September 18, 2017
- 07:03 PM
- 0
-
The Week in Ransomware - September 8th 2017 - Locky and Small Releases
We have good news for once, which is a really slow week when it comes to ransomware. While we still had our share of smaller ransomware variants being release, overall there was not a lot of activity. The biggest activity is the continued by Locky distributors to become more widespread through the use of a variety of SPAM campaigns.
- September 08, 2017
- 04:08 PM
- 3
-
The Week in Ransomware - September 1st 2017 - Locky, Exploit Kits, & More
This week has seen a big push by Locky using numerous distribution campaigns to try and claim a spot with the big boys. Other than the normal releases of small ransomware creations, we also saw the RIG exploit kit pushing the Princess Ransomware.
- September 01, 2017
- 02:30 PM
- 0
-
Boobytrapped Word File Installs Locky Ransomware When You Close the Document
Summer vacation is over! During the past week, security researchers have discovered several distribution campaigns pushing the Locky ransomware via different methods, including a new variant that features one hell of a clever trick.
- September 01, 2017
- 09:45 AM
- 0
-
The Week in Ransomware - August 18th 2017 - SyncCrypt, GlobeImposter, & Locky
While the week was dominated by small little ransomware creations, we did have some interesting news. First, we have had a resurgence of Locky variants, then a constant stream of GlobeImposter variants variants, and finally the SynCrypt ransomware that utilizes an interesting distribution method.
- August 18, 2017
- 12:30 PM
- 3
-
Locky Ransomware switches to the Lukitus extension for Encrypted Files
Today a new Locky Ransomware variant was discovered that switches to the .lukitus extension for encrypted files. It is not currently known how this variant is being distributed, but as the ransomware is being downloaded from a remote site it is most likely malspam.
- August 16, 2017
- 02:53 PM
- 0
-
Locky Ransomware Returns with Spam Campaign Pushing Diablo6 Variant
A large malspam campaign is underway that is pushing a new Locky variant that appends the .diablo6 extension to encrypted files. Is this the return of Locky or just a brief resurgence?
- August 09, 2017
- 04:30 PM
- 2
-
The Week in Ransomware - June 23rd 2017 - A Fricken 1 Million Dollar Ransom Payment
What a crazy week. The biggest news is that we had a hosting company who actually paid a 1 million dollar (think Dr. Evil) ransomware payment. We then had the return of Locky, which at one point was the preminent ransomware being distributed. Will have to see if it can become king of the hill again.
- June 23, 2017
- 01:15 PM
- 4
-
Locky Ransomware Returns, but Targets Only Windows XP & Vista
The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking files only on older Windows XP & Vista machines.
- June 22, 2017
- 03:48 AM
- 1
-
The Week in Ransomware - May 13th 2017 - The WanaCrypt0r RansomApocaGeddonWare
What a crazy end of the week we had with the WanaCrypt0r RansomApocaGeddonWare! This ransomware literally took the entire world by storm by utilizing the NSA EternalBlue SMBv1 exploit to install ransomware on many high profile victims. While that was definitely the big news, the good news is we also saw a some decryptors released.
- May 13, 2017
- 02:34 PM
- 1
-
Jaff Ransomware Distributed via Necurs MALSPAM and asking for a $3,700 Ransom
A new ransomware was discovered today called Jaff ransomware. This ransomware will encrypt your files and append the .jaff extension to encrypted files. It also joins the ranks of other ransomware that steal payment site templates from Locky.
- May 11, 2017
- 04:10 PM
- 0
-
The Week in Ransomware - April 21st 2017 - Locky Returns
It was quite a slow week in the beginning with most of the news being for the most part about small ransomware variants. It finished with a bang, though, with the reappearance of Locky riding on a strong wave of SPAM emails. As you can imagine, there were quite a few articles about Locky today.
- April 22, 2017
- 09:45 AM
- 0
-
The Locky Ransomware is Back and Still Adding OSIRIS to Encrypted Files
After almost an almost non-existent presence in 2017 and a few weeks off, Locky is back with a fresh wave of SPAM emails containing malicious docs. While it is not known what caused Locky's hiatus, if they plan on pushing the ransomware like they previously did, then we all need to pay close attention.
- April 21, 2017
- 05:35 PM
- 4
-
The Week in Ransomware - March 23th 2017 - Decline of Locky & Spora Stats
Lots and lots of little crappy ransomware released this week with nothing new or innovative. We do have some interesting Spora stats, a story on the decline of Locky, and of course an updated decryptor by Fabian Wosar who continues to kick ransomware in the buttocks. Other than that, not really any of significance.
- March 24, 2017
- 05:10 PM
- 0
