Exploit This

Security News, Exploits, and Vulnerabilities.

WannaCry and Lazarus Group – the missing link?

Moments ago, Neel Mehta, a researcher at Google posted a mysterious message on Twitter. The cryptic message in fact refers to similarity between samples that have shared code between themselves. The two samples Neel refers to post are a Wannacry cryptor sample and a Lazarus APT group sample.

WannaCry FAQ: What you need to know today

Friday May 12th marked the start of the dizzying madness that has been ‘WannaCry’, the largest ransomware infection in history. Defenders have been running around trying to understand the malware’s capabilities. In the process, a lot of wires have gotten crossed and we figured it’s time to sit down and set the record straight on what we know, what we wish we knew, and what the near future might hold for us going forward.

WannaCry ransomware used in widespread attacks all over the world

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows.

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil. This sample is what could be considered as the “father” of other XPan ransomware variants. A considerable amount of indicators within the source code depict the early origins of this sample.

Ransomware in targeted attacks

Ransomware’s popularity has attracted the attention of cybercriminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money. In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an organization’s network nodes and servers.

PetrWrap: the new Petya-based ransomware used in targeted attacks

This year we found a new family of ransomware used in targeted attacks against organizations. After penetrating an organization’s network the threat actors used the PsExec tool to install ransomware on all endpoints and servers in the organization. The next interesting fact about this ransomware is that the threat actors decided to use the well-known Petya ransomware to encrypt user data.

A look into the Russian-speaking ransomware ecosystem

In other words, crypto ransomware is a fine tuned, user friendly and constantly developing ecosystem. In the last few years we, at Kaspersky Lab, have been monitoring the development of this ecosystem. This is what we’ve learned.

Happy Seventh Birthday, KrebsOnSecurity!

Hard to believe it’s time to celebrate another go ’round the Sun for KrebsOnSecurity! Today marks exactly seven years since I left The Washington Post and started this here solo thing. And what a remarkable year 2016 has been!

Before You Pay that Ransomware Demand…

A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to whacked by a banking trojan that stole all your passwords and credit card numbers. These days if your mobile or desktop computer is infected what gets installed is likely to be “ransomware” — malicious software that locks your most prized documents, songs and pictures with strong encryption and then requires you to pay for a key to unlock the files.

Kaspersky Security Bulletin 2016. Story of the year

Between January and September 2016 ransomware attacks on business increased three-fold –to the equivalent of an attack every 40 seconds. With the ransomware-as-a-service economy booming, and the launch of the NoMoreRansom project , Kaspersky Lab has named ransomware its key topic for 2016.

%d bloggers like this: