• Trend Micro
  • About TrendLabs Security Intelligence Blog

Cerber Version 6 Shows How Far the Ransomware Has Come (and How Far it’ll Go)

  • Posted on: May 2, 2017 at 5:00 am
  • Posted in: Ransomware
  • Author: Gilbert Sison (Threats Analyst)

Cerber set itself apart from other file-encrypting malware when its developers commoditized the malware, adopting a business model where fellow cybercriminals can buy the ransomware as a service. The developers earn through commissions—as much as 40%—for every ransom paid by the victim. Coupled with persistence, Cerber turned into a cybercriminal goldmine that reportedly earned its developers $200,000 in commissions in a month alone last year.

Being lucrative and customizable for affiliates, it’s no wonder that Cerber spawned various iterations. Our coverage of unique Cerber samples—based on feedback from Smart Protection Network™—shows enterprises and individual users alike are taking the brunt, with the U.S. accounting for much of Cerber’s impact. We’ve also observed Cerber’s adverse impact among organizations in education, manufacturing, public sector, technology, healthcare, energy, and transportation industries.

A reflection of how far Cerber has come in the threat landscape—and how far it’ll go—is Cerber Version 6, the ransomware’s latest version we’ve uncovered and monitored since early April this year. It sports multipart arrival vectors and refashioned file encryption routines, along with defense mechanisms that include anti-sandbox and anti-AV techniques.

Tags: CERBER, crypto-ransomware

New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files

  • Posted on: August 14, 2016 at 5:30 pm
  • Posted in: Malware, Ransomware, Spam
  • Author: Trend Micro

Like a game of cat and mouse, the perpetrators behind the Locky ransomware have updated their arsenal yet again with a new tactic—using Windows Script File (WSF) for the arrival method. WSF is a file format that allows the combination of multiple scripting languages within a single file. Using WSF makes the detection and analysis of ransomware challenging since WSF files are not among the list of typical files that traditional endpoint solutions monitor for malicious activity.

However, the use of WSF files is no longer a novel idea since the same tactic was used in Cerber’s email campaign in May 2016. It would seem that the attackers behind Locky followed Cerber in using WSF files after seeing how such a tactic was successful in bypassing security measures like sandbox and blacklisting technologies.

Tags: Brazilian underground market, crypto-ransomware, Locky Ransomware

R980 Ransomware Found Abusing Disposable Email Address Service

  • Posted on: August 10, 2016 at 11:40 pm
  • Posted in: Ransomware
  • Author: Trend Micro

Perhaps emboldened by the success of their peers, attackers have been releasing more ransomware families and variants with alarming frequency. The latest one added to the list is R980 (detected by Trend Micro as RANSOM_CRYPBEE.A).

R980 has been found to arrive via spam emails, or through compromised websites. Like Locky, Cerber and MIRCOP, spam emails carrying this ransomware contain documents embedded with a malicious macro (detected as W2KM_CRYPBEE.A) that is programmed to download R980 through a particular URL. From the time R980 was detected, there have been active connections to that URL since July 26th of this year.

Tags: crypto-ransomware, macro malware, ransomware

How Endpoint Solutions Can Protect Businesses Against Ransomware

  • Posted on: July 18, 2016 at 9:05 am
  • Posted in: Malware, Ransomware
  • Author: Trend Micro

This year alone, the FBI predicted that the total loss to ransomware will reach a whopping US$1 billion. The ransomware business is booming, encouraging cybercriminals to expand their target base—from consumers to businesses, regardless of type and size.

Tags: application control, behavior monitoring, CERBER, crypto-ransomware, CryptoWall, gateway solutions, JIGSAW, Locky, RAA ransomware, Teslacrypt

Why Ransomware Works: Arrival Tactics

  • Posted on: June 27, 2016 at 7:42 am
  • Posted in: Bad Sites, Malware, Ransomware, Spam
  • Author: Trend Micro

Apart from understanding the ransomware tactics and techniques beyond encryption, it is equally important to understand how they arrive in the environment. Our recent analysis reveals that the majority of ransomware families can be stopped at the exposure layer—web and email. In fact, Trend Micro has blocked more than 66 million ransomware-related spam, malicious URLs, and threats from January to May 2016.

Tags: Angler Exploit Kit, CERBER, crypto-ransomware, CryptXXX, exploit kits, Locky, Neutrino exploit kit, petya, rig exploit kit, Teslacrypt, TorrentLocker