• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Malware

Untangling the Ripper ATM Malware
  • Posted on:September 19, 2016 at 12:01 am
  • Posted in:Malware
  • Author:
    Numaan Huq (Senior Threat Researcher)
0
feature_atm-malware

Last August , security researchers released a blog discussing a new ATM malware family called Ripper which they believe was involved in the recent ATM attacks in Thailand. Large numbers of ATMs were also temporarily shut down as a precautionary measure.

During our analysis we noticed some additional details that where not called out, or which appear to contradict this earlier analysis. We highlight these differences in this blog post. We have also included technical indicators such as code offsets where possible for other researchers to follow on from our work.

Read More
Tags: ATM malwareRipper

Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • Posted on:September 5, 2016 at 1:30 am
  • Posted in:Deep Web, Malware
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0
rootkit-feature

The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. This rootkit family called Umbreon (sharing the same name as the Pokémon) targets Linux systems, including systems running both Intel and ARM processors, expanding the scope of this threat to include embedded devices as well. We detect Umbreon under the ELF_UMBREON family.

Read More
Tags: EspeonLinuxrootkitUmbreon

New Version of Cerber Ransomware Distributed via Malvertising
  • Posted on:August 31, 2016 at 8:28 pm
  • Posted in:Exploits, Malware, Ransomware
  • Author:
    Joseph C Chen (Fraud Researcher)
0
feature_ransomeware

Cerber has become one of the most notorious and popular ransomware families in 2016. It has used a wide variety of tactics including leveraging cloud platforms and Windows Scripting and adding non-ransomware behavior such as distributed denial-of-service attacks to its arsenal. One reason for this popularity may be because it is frequently bought and sold as a service (ransomware-as-a-service, or RaaS).

The latest version of Cerber had functions found in earlier versions like the use of voice mechanism as part of its social engineering tactics. Similar to previous variants, Cerber 3.0 is dropped by the Magnitude and Rig exploit kits.

Read More
Tags: CERBERMagnitude exploit kitmalvertisingransomwarerig exploit kit

Locky Ransomware Now Downloaded as Encrypted DLLs
  • Posted on:August 29, 2016 at 4:56 am
  • Posted in:Malware, Ransomware
  • Author:
    Brooks Li (Threats Analyst)
0
feature_ransomeware

The Locky ransomware family has emerged as one of the most prominent ransomware families to date, being sold in the Brazilian underground and spreading via various exploits. Locky has, over time, become known for using a wide variety of tactics to spread–including macros, VBScript, WSF files, and now, DLLs.

Recently we encountered a new Locky variant (detected as RANSOM_LOCKY.F116HM) that used old tactics on the surface, but with some key technical changes. The emails that were used to distribute it were fairly pedestrian as far as these messages go, although it was part of a large-scale spam campaign.

Read More
Tags: LockyPRNGransomwareUHE PRNG

New Open Source Ransomware Based on Hidden Tear and EDA2 May Target Businesses
  • Posted on:August 25, 2016 at 4:00 am
  • Posted in:Malware, Ransomware
  • Author:
    Trend Micro
0
feature_ransomeware

In a span of one to two weeks, three new open source ransomware strains have emerged, which are based on Hidden Tear and EDA2. These new ransomware families specifically look for files related to web servers and databases, which could suggest that they are targeting businesses.

Both Hidden Tear and EDA2 are considered as the first open source ransomware created for educational purposes. However, these were quickly abused by cybercriminals. RANSOM_CRYPTEAR.B is one of the many Hidden Tear spinoffs that infect systems when users access a hacked website from Paraguay. Magic ransomware (detected as RANSOM_MEMEKAP.A), based on EDA2, came soon after CRYPTEAR.B’s discovery.

Read More
Tags: EDA2FsocietyHidden TearKaoTearOpen sourcePogoTear
Page 1 of 24512 › »

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Deep Web

  • Trend Micro researchers have been taking deep dives into cybercriminal territory for years now. Find out more about the inner workings of the Deep Web and underground markets.

Latest Ransomware Posts

  • From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
  • Network Solutions to Ransomware – Stopping and Containing Its Spread

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • New Version of Cerber Ransomware Distributed via Malvertising
  • Locky Ransomware Now Downloaded as Encrypted DLLs
  • CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.