Tag Archives: malware

A new malware do-it-yourself kit called Karmen is making it easy for wannabe cybercriminals to launch ransomware attacks. Security researchers believe the recently discovered ransomware as a service (RaaS) offering was developed in part by a Russian-speaking ransomware author who goes by the alias DevBitox. For a price, Karmen can turn almost anyone into a cybercriminal in just a few clicks. RaaS offerings like Karmen began popping up on the dark web in 2015, and ransomware developers have continued to make the kits more user-friendly over time. Karmen is…


People charged with filling career positions at their companies need to be on the lookout for ransomware—especially GoldenEye ransomware. GoldenEye is a new form of ransomware written by the same cybercriminal who gave us the Petya and Mischa ransomware attacks. The author has applied some of the same distribution tactics that Petya and Mischa are known for by masking the ransomware as a job application. GoldenEye attacks typically begin with an email that appears to be from someone interested in a position. The inboxes of human resource personnel and hiring managers…


PopcornTime is a newly discovered form of ransomware that is still in the development stages but operates off a disturbing principle: Victims who have their files encrypted by PopcornTime can agree to pay the ransom, or they can choose to send the ransomware to friends. If two or more of those friends become infected and pay the ransom, the original victim gets their files decrypted for free. The process is reminiscent of the movie, “The Ring,” where victims who had watched a film had seven days to make a copy of…


The latest version of Cerber ransomware is targeting database applications and putting businesses’ most valuable data at risk, according to recent reports. Large database applications such as Oracle, Microsoft SQL Server, MySQL and others contain critical data for things like Enterprise Resource Planning (ERP), Customer Relationship Management (CRM) and Electronic Medical Record systems. And the latest version is aiming to encrypt all of them in addition to documents, spreadsheets and multimedia files. How Cerber ransomware works: Ransomware victims are not chosen on an individual basis. Instead, they’re usually found within…


Ransomware infections are becoming increasingly commonplace, and companies that put a plan together before an incident are much more effective at combatting this pervasive malware. Ransomware response can be broken down into seven steps. Here’s a cheat sheet. Validate: The first step is to confirm whether a reported ransomware infection is an actual infection. There are cases where a user reports what they think is ransomware, but it turns out to be adware, phishing, or some other virus. Validation is important because it keeps efforts focused on important issues. But…


As if encrypting your individual files was not enough, a recently discovered ransomware virus called Mamba encrypts your entire hard drive. This may sound similar to the Petya drive encryption ransomware that made headlines earlier this year. But Mamba is a different animal. It differs from Petya in that it encrypts the entire hard drive while Petya encrypts only the Master File Table (MFT), the information store that tracks which files are on the drive and where they are located. With Petya, forensics can recover the data from the drive…


We all know money is the motivating force behind cybercrimes like the creation and distribution of ransomware. The interesting twist with ransomware is that the basic rules of supply and demand become a little hard to follow. Typically you have a buyer and a seller. In the case of ransomware, the distributor—or supplier—has to steal what’s in demand—your data. Cybercriminals create the demand by restricting access. Victims realize they need access and—if they cannot get access themselves by restoring critical files from backup—they end up paying the ransom and fueling…


A Pokemon Go-themed ransomware virus has appeared on Windows computers, tablets, and phones. The ransomware is the latest in a series of malicious applications that have popped up in the wake of the global Pokemon Go obsession. This particular piece of malware is known as POGO Tear and it’s based on open source ransomware code called Hidden Tear. POGO Tear encrypts the files on victims’ computers, changes the extension to “.locked” and then demands a ransom on a screen emblazoned with famed character Pikachu’s picture. POGO Tear is currently coded…


Ransomware creators are monetizing their software in creative new ways. Not only are they using ransomware to encrypt files and collect ransoms, but they’re also selling their ransomware to others as do-it-yourself (DIY) kits and licensing it as a service. DIY Ransomware: Criminals can purchase popular ransomware such as Cryptolocker, Cerber, Locky and Stampado as DIY kits with prices ranging from $39 to $3,000. These DIY kits allow criminals to quickly customize and distribute their ransomware to start collecting money. There is wide variation in the types of DIY kits…


The US presidential election is upon us and some political activists are out in the streets, and in convention halls. And some are busy hacking. I am referring to the hacktivists, those who illegally use technology to promote a social or political agenda. The main difference between hacktivists and other cybercriminals is that hacktivist crimes are typically associated with a protest or political motivation. In the early days of hacktivism, hackers used computer worms to spread messages, such as the 1989 Worms Against Nuclear Killers (WANK) anti-nuclear message that sent…
