Just like the floppy disk in its heyday, the USB drive, commonly called the thumb drive or flash disk, is the preferred removable storage medium due to its portability and data storage capacity. However, its popularity may prove to be useful for attackers as a propagation vector for malware and as a tool for breaching…
Good customer service is part of running a successful business. It shouldn’t be a surprise that even crypto-ransomware purveyors are now thinking of ways to make the process of paying for crypto-ransomware easier. The innovation brought forth by some new JIGSAW variants? Instead of using dark web sites, they communicate with the user via… live chat.
How do you know that something has become very popular? Simple – when poorly-made knockoff versions start to hit the marketplace. Ransomware, it seems, has hit that point.
The writers behind the new ZCRYPT ransomware family either scrapped support for Windows XP or did a sloppy job in creating it. This new family only targets systems with newer versions of Windows, specifically Windows 7 and later. Is ZCRYPT deliberately cutting off older operating systems, or is it just poorly written malware?
Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States.
The critical role of patch management comes into play when attackers use vulnerabilities as entry points to infiltrate their target systems and networks, or when security flaws are abused to spread threats. The case of the infamous SAMSAM crypto-ransomware supports this. This threat deviated from other crypto-ransomware families: instead of arriving via malicious URLs or spam emails, it leverages security flaws in unpatched servers. In March 2016, SAMSAM hit the Maryland hospital, encrypting all its files, including those found in the network. From the healthcare industry, SAMSAM has moved on to target the education sector. In a recent attack, a significant number of servers and systems were exposed to SAMSAM and other malware via JBoss server vulnerabilities. JBoss is an open source application server that runs on Java. Systems or servers with ‘Destiny’ software were also affected. According to a report by Cisco, this software is typically used by K-12 schools worldwide. Follett has already released a patch to protect users of Destiny software.