Everything you wanted to know about Ransomware…but were afraid to ask

What is Ransomware? Ransomware is a type of malicious software that prevents users from accessing their computer system or files until a sum of money (a ransom) is paid. In the malware landscape, ransomware has earned itself a well-deserved nasty reputation. There are two types of ransomware identified in this branch of the malware family tree: 1) locker ransomware and 2) crypto ransomware. Locker ransomware effectively locks Windows access, preventing the user from reaching their desktop or files. Typically designed to prevent access to the computer's interface, locker ransomware mostly leaves the underlying system and files unaltered. A message would be [...]

By | 2018-12-07T16:14:54-05:00 May 18th, 2018 | Data Breach, Encryption, Information Security, Malware, Privacy, Uncategorized, Viruses, Vulnerabilities

The Zenis Ransomware Variant Goes the Extra Mile

Overview Ransomware is a type of malware that infects a computer and restricts a user's access to the infected computer or its files. A subset of ransomware called crypto ransomware (or crypto virus) has seen a dramatic rise in use over the last few years. Crypto ransomware's modus operandi involves encrypting popular and common file types on a compromised system and then demanding a ransom from the user for a key that can be used to decrypt the files. In Q3 2017, according to Malwarebytes, a company was hit with ransomware every 40 seconds. This was an increase of 3x [...]

By | 2018-03-21T22:04:03-05:00 March 21st, 2018 | Malware

Target Data Breach Timeline

Updated: As originally reported by the WSJ and sourced here from Business Insider, Target had warning last spring about a new emerging threat against POS systems. Internal analysts requested additional scrutiny. Updated: According to an article posted on Krebsonsecurity, "the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor." The recent retail breaches show that compliance is not enough. Cyber security needs to be an organization-wide initiative. Initial Target Data Breach. Breach: Target, sometime between Thanksgiving and December 15th, 2013. Estimated 40 million records. Discovered: Sometime around mid-December 2013. Reported: Target confirms [...]

Hackers announce ransomware toolkit

Two hackers, going by 'gyx' and 'Porphyry', have released what they are calling Prison Locker, a toolkit for building customized ransomware. They are apparently selling it for as little as $100. This is not good news for users who have yet to protect their systems. Given that this malware can now arrive through many different avenues and with many different customizations, it is much more dangerous. Read more: http://thehackernews.com/2014/01/power-locker-ransomware-upcoming_3.html

By | 2014-01-13T14:41:17-05:00 January 8th, 2014 | Computer & Network Security, Malware, Viruses

Who was affected by the php.net attack?

[Figure: Geographic breakdown of machines infected by DGA.Changer] This is related to our initial post about the PHP.net attack and whether or not the source code was compromised. According to this article, "One of five distinct malware types served to visitors of php.net from October 22 to October 24, DGA.Changer employs a novel way of evading detection and takedown attempts." Source: http://arstechnica.com/security/2013/12/hackers-who-breached-php-net-exposed-users-to-highly-unusual-malware/

McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office

Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample targeting Microsoft Office. After some investigation, we confirmed this is a zero-day attack. Read more: http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2

Top 5 malware that kept researchers up at night

Which malicious code would be the most frightening if sinister pieces of malware could rise from the dead on Halloween? Malware researchers spend all their time working with the creations of people who intend others harm, so you might expect them to be pretty immune to nervousness about the effects of malicious code. And it is true: a lot of us are very jaded about your average malware. Researchers certainly have a sense of the potential danger of the materials we work with and are appropriately cautious, but there are some threats that are so scary that we will [...]

By | 2013-12-23T16:23:33-05:00 October 31st, 2013 | Computer & Network Security, Malware

PHP source code compromised?

Source: http://barracudalabs.com/2013/10/php-net-compromise/ It was announced that the PHP website was hacked and was serving malware. If the attackers had access to the project's internal servers, can we trust the PHP source code anymore? So far the PHP Group has been unable to determine the cause of the infection of two of their servers. According to their reports, they have rebuilt the web servers and have revoked the PHP SSL certificate and are reissuing it in case the private key was compromised. According to Rasmus Lerdorf, PHP's creator, "Not much to say about the effect on end users who visited the site during that time because [...]