Good customer service is part of running a successful business. It shouldn’t be a surprise that even crypto-ransomware purveyors are now thinking of ways to make the process of paying for crypto-ransomware easier. The innovation brought forth by some new JIGSAW variants? Instead of using dark web sites, it communicates to the user via… live chat.Read More
While SNSLocker isn’t a stand-out crypto-ransomware in terms of routine or interface, its coarse and bland façade hid quite a surprise. After looking closer at its code, we discovered that this Ransomware contains the credentials for the access of its own server.
We also found out that they used readily-available servers and payment systems. This shows that the authors behind SNSLocker are in it for the same reason a lot of cybercriminals have moved to ransomware: easy setup of systems for massive infection, and quick return of income. However, they were either too quick or they aren’t investing that much on the operation when they left their credentials out in the open (The credentials have also been shared in social media by other security researchers). We have reported this finding to law enforcement agencies.Read More
Businesses today pride themselves on responding quickly to changing conditions. Unfortunately, cybercriminals aren’t any different. A newly discovered malware family hitting point-of-sale (PoS) systems has been found which emphasizes speed in how the information is stolen and sent back to attackers. We called this attack FastPOS, due to the speed and efficiency of its credit card theft capabilities.
FastPOS is designed to immediately exfiltrate any stolen card data, instead of storing it locally in a file and periodically sending it to the attackers. This suggests that it may have been designed to target situations with a much smaller network environment. An example would be where the primary network gateway is a simple DSL modem with ports forwarded to the POS system.Read More
At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX–related spam emails after its seeming ‘hiatus.’ This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan.Read More
Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States.Read More