Unlike the previously reported and now decrypted Xpan ransomware, this same-but-different threat from Brazil has recently been spotted in the wild. This time the infection vector is a more massively propagated malicious campaign relying on traditional spam email.
A few days ago, Microsoft published the "critical" MS16-120 security bulletin with fixes for vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. One of the vulnerabilities - CVE-2016-3393 - was reported to Microsoft by Kaspersky Lab in September 2016.
In April of this year, we registered some mass attacks on Facebook users in Russia. As a result, many Russian-speaking users of the social network fell victim to fraudsters. Half a year later the fraudsters have used the same tactics to attack Facebook users in Europe.
A Tweet posted recently by AVG researcher, Jakub Kroustek, suggested that a new ransomware, written entirely in Python, had been found in the wild, joining the emerging trend for Pysomwares such as the latest HolyCrypt, Fs0ciety Locker and others.
Machine learning has long permeated all areas of human activity. I would like to warn about, or dispel, some of the misconceptions associated with the use of ML in the field of cybersecurity.
Earlier today we became aware of a malicious website delivering Petya through the Hunter exploit kit. While there is nothing special about yet another exploit kit page, this one caught our attention because it mimics the index page of our sinkhole systems.
Targeted attackers are using an increasingly wide range of deception techniques to muddy the waters of attribution, planting ‘False Flag’ timestamps, language strings, malware, among other things, and operating under the cover of non-existent groups.
What is most interesting about the StrongPity APT's more recent activity however, is their focus on users of encryption tools, peaking this past summer. In particular, the focus was on Italian and Belgian users, but the StrongPity watering holes affected systems in far more locations than those two.
In this article, we discuss how it is possible to take advantage of errors made in the implementation of a cryptographic scheme, and how mistakes by malware writers allow us to help users restore their encrypted data.
We discovered a new variant of a Brazilian-made ransomware, that is being used to infect local companies and hospitals, directly affecting innocent people, encrypting their files and asking to pay the ransom.