
Author Archives: threatstopoa

Recent Posts

ThreatSTOP Incorporates New Tor Proxies Target

We are happy to announce a new ThreatSTOP originated target, TS Originated - Tor Proxies - Domains, which provides protection from various malware and ransomware variants that use Tor proxy services to attack victims.

Abuse of Tor proxy services for malicious purposes has been on the rise in the past two years, with many ransomware variants demanding ransom payments over the Tor network. The Tor network, which gives its users anonymity, is an attractive platform for threat actors to conduct their malicious activity while hiding from discovery.

Read More


CryptXXX Ransomware is Rapidly Gaining Momentum

CryptXXX is a crypto-ransomware that debuted in April 2016 and is said to be the work of the makers of Reveton, a very well-known police ransomware that terrorized victims at the beginning of the decade. Recently, CryptXXX has been spreading rapidly through phishing emails with malicious attachments, which lead to an attack chain using the Neutrino and, previously, Angler exploit kits to ultimately download the ransomware.

Read More


From the Creators of Locky Comes the New Bart Ransomware

A new ransomware variant that debuted this month, rumored to be made by the creators of Locky, has quickly become a variant to watch out for. Bart ransomware shares a number of characteristics with Locky which make the "look and feel" of the ransomware similar, yet it is distinct because of two special traits. The first is its way of isolating victims from their files: instead of using strong asymmetric encryption, like most ransomware variants today, Bart moves the user's files into individual zip archives and applies password protection to each of them. Second, Bart does not seem to use Command and Control servers, but rather relies on a distinct ID for each victim which is relayed to the criminals during payment.

Read More


Saudi Arabia Slips On This "Oily" Campaign

The OilRig Campaign, so named by Palo Alto Networks because the Persian word for oily—“nafti”—was hardcoded into a number of the malware samples analyzed, consists of two attack waves against Saudi Arabian organizations beginning in late 2015. This campaign has been seen targeting financial institutions and technology organizations, as well as the defense industry. The malware used in the OilRig Campaign is the Helminth Backdoor Trojan.

Earlier attacks in this campaign infected victims using Windows executables disguised as fake job offers, followed by a malware dropper called HerHer.

Read More


Cerber Ransomware Gets Stronger, Adds DDoS Capabilities

Cerber ransomware debuted in late February of this year and has already become the third most prevalent ransomware according to a recent Fortinet statistic. The ransomware is typically distributed via emails containing macro-enabled Word documents, Windows Script Files, or Rich Text documents. Cerber uses strong, unbreakable encryption and has a number of features that, when combined, make it unique in today's ransomware landscape.

Read More


The Long-Awaited End of TeslaCrypt

The notorious TeslaCrypt ransomware has wreaked havoc on victims since its emergence in 2015. In March of this year, Fortinet ranked it as the third biggest player in the ransomware scene, after CryptoWall and Locky. TeslaCrypt originally targeted gamers by encrypting the files of popular games such as League of Legends, Call of Duty and World of Warcraft. It has since evolved into an extremely powerful ransomware with particularly caustic capabilities, including anti-debugging and anti-monitoring features, string obfuscation, entrenchment, and more.

Read More


RockLoader: New Downloader Malware

RockLoader is a new malware downloader recently discovered by Proofpoint. It is operated by the same cybercriminals behind Locky ransomware and is spreading a number of malware variants in addition to the notorious ransomware. These include the Dridex 220 botnet trojan, as well as Kegotip and Pony, two malware variants used to steal information.

Read More


Locky Ransomware Domains - Followup Analysis Uncovers 130 New Indicators

Recently, there has been a lot of buzz over a flourishing ransomware that goes by the name of Locky, which encrypts a victim's data using strong RSA-2048+AES-128 encryption and then demands between 0.5 and 2 bitcoins for the decryption of that data.

Read More


Nymaim Trojan Blocks Access and Threatens Jail Time

Discovered in 2013, the Nymaim Trojan is most notorious for its functionality as ransomware. Once installed, Nymaim blocks all access to the victim's computer, displaying a full-screen message declaring that the computer has been blocked and that the victim faces years of jail time and thousands of Euros in fines unless they pay a supposed police 'fine' through an online payment service.

Read More
