At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX–related spam emails after its seeming ‘hiatus.’ This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan.Read More
How do you know that something has become very popular? Simple – when poorly-made knockoff versions start to hit the marketplace. Ransomware, it seems, has hit that point.
The writers behind the new ZCRYPT ransomware family have either scrapped support for Windows XP, or did a sloppy job in creating it. This new family only targets systems with newer versions of Windows, specifically Windows 7 and later. Is ZCRYPT deliberately cutting of older operating systems, or is it just poorly-written malware?Read More
Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States.Read More
Trend Micro has released free tools—Trend Micro Crypto-Ransomware File Decryptor Tool and Trend Micro Lock Screen Ransomware Tool–to help users and organizations fight back against the dangers that ransomware pose. Systems affected with certain crypto-ransomware variants like TeslaCrypt and CryptXXX can use the File Decryptor Tool to retrieve their files that were ‘held hostage’ by these threats. If your system is infected with ransomware that has a lock-screen feature, our Lock Screen Ransomware Tool will help users gain access to their screen even though the malware is blocking normal and safe mode with networking. One of the primary goals of these tools is to prevent affected users and businesses from succumbing to the pressure and the demands of paying the ransom just to retrieve their confidential data.Read More
Much has been reported and discussed about the bank heists that affected Bangladesh, Vietnam, and Ecuador. All three cases involved the Society for Worldwide Interbank Financial Transfers (SWIFT), a system used by financial/banking institutions worldwide for communicating financial messages or instructions, and has more than 10,000 customers from the financial sector: banks, brokerage institutions, foreign exchanges, and investment firms, among others. These high-profile attacks pose the question of how the attackers could gain foothold and authorization to do the transaction or payment order? What tools were used? And what security controls have to be in place that can detect these suspicious activities?Read More