While most ransomware we’ve seen only targets specific file types or folders stored on local drives, removable media and network shares, we were able to uncover a ransomware family that does not discriminate: HDDCryptor. Detected as Ransom_HDDCRYPTOR.A, HDDCryptor not only targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive. Such a damaging routine makes this particular ransomware a very serious and credible threat not only to home users but also to enterprises.
We now know that most of the murky dealings that French cybercriminals engage in happen in the dark recesses of the Deep Web, specifically in the Dark Web. Every now and then, though, cybercriminals make their presence felt on the Surface Web. A popular cybercriminal marketplace, now gone, French Dark Net, for one, was seen recently promoting its offerings on YouTube. We’ve seen similarities between the French as well as the Brazilian and North American underground markets in that they use social media as a platform to promote their illegal business. What sets the French underground apart?
Most malware takes advantage of legitimate sites for command-and-control (C&C) purposes to avoid rousing suspicion from its targets. While most ransomware sends the gathered information directly to its designated C&C servers, some variants differ slightly. CuteRansomware, for instance, uses Google Docs to pass information from the infected system to the attackers.
One of the latest ransomware families, CryLocker (detected as RANSOM_MILICRY.A), does the same by taking advantage of Imgur, a free online image hosting site that allows users to upload and share photos with their contacts. During our monitoring of activities related to exploit kits, we spotted both Rig and Sundown distributing this threat.
Ransomware has grown into a serious problem that has affected millions of users and netted millions of dollars in profit. The earlier entries in this series discussed the entry vectors of ransomware and their encryption behavior. In this post, we examine ransomware’s use of network communication and the possible solutions to address its effects.