Our midyear security roundup noted how more than half of the files types encrypted by ransomware were directly related to enterprises – database files, SQL files, and web pages on servers were some of the file types that were most commonly targeted. These all reside on servers; for enterprises, ransomware on servers is a potent threat that needs to be dealt with. We will take a look at how ransomware has evolved to affect servers and what solutions currently exist to tackle this particular problem.Read More
Most point-of-sale (PoS) threats follow a common process: dump, scrape, store, exfiltrate. FastPOS (initially detected by Trend Micro as TSPY_FASTPOS.SMZTDA) was different with the way it removed a middleman and went straight from stealing credit card data to directly exfiltrating them to its command and control (C&C) servers.
FastPOS was true to its moniker—pilfer data as fast as possible, as much as it can, even at the expense of stealth. The malware is a reflection of how PoS threats, though no longer novel, are increasingly used against businesses and their customers. As such, FastPOS’s update does not come as a surprise—in time for the oncoming retail season to boot.Read More
In a recent blog post, we talked about the Haima app store on iOS. Here, we found that official apps were repacked and advertising modules added to generate revenue for the owners.
One reason for this store’s popularity is its relative ease of use, thanks to the “Haima iOS Helper”. This app is meant to complement the rest of the store by making it easier to install apps and manage the user’s device. This can be considered analogous to the roles that iTunes performs for most iOS users.Read More
Back in July 2015, a new ransomware as a service named “Encryptor RaaS” (detected by Trend Micro as RANSOM_CRYPRAAS.SM) entered the threat scene, rivaling or at least expecting to succeed the likes of similar get-rich-quick schemes from Tox and ORX Locker. The newcomer appeared to be a dark horse: it was multiplatform, had an appealing price, and empowered budding malefactors an easier entry point to cybercrime. It posed a considerable threat to users and businesses, as Encryptor RaaS attacks can vary based on the customizations applied by the affiliate.
In July 2016, however, the service abruptly closed up shop. The good: one less ransomware to be worried about. The bad: the developer decided to wipe the master key. The ugly: victims can no longer recover their encrypted files. What made Encryptor RaaS suddenly crash and burn?Read More