ransomware
SamSam: The Doctor Will See You, After He Pays the Ransom
Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user-focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed by compromising servers and using them as a foothold to move laterally through the network to […]
Angler for Beginners in 34 Seconds
Post authored by Martin Rehak, Veronica Valeros, Martin Grill and Ivan Nikolaev. In order to complement the comprehensive information about the Angler exploit kit from our Talos colleagues [
Your Files Are Encrypted with a “Windows 10 Upgrade”
This post was authored by Nick Biasini with contributions from Craig Williams & Alex Chiu. Update 8/1: To see a video of this threat in action click here. Adversaries are always trying to take advantage of current events to lure users into executing their malicious payload. These campaigns are usually focused around social events and are […]
Threat Spotlight: TeslaCrypt – Decrypt It Yourself
This post was authored by Andrea Allievi, Earl Carter & Emmanuel Tacheau. Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008. Update 5/8: We’ve made the source code available via Github here. Update 6/9/2016: We’ve released a tool to decrypt any TeslaCrypt version. After the takedown of Cryptolocker, we have seen the rise […]
Cryptowall 3.0: Back to the Basics
This post was authored by Andrea Allievi & Earl Carter. Ransomware continues to impact a large number of organizations and the malware continues to evolve. In January, we examined Cryptowall 2.0 and highlighted new features incorporated into the dropper and Cryptowall binary. When Cryptowall 3.0 appeared, we were interested in seeing what new functionality was […]
New Fake UPS Malware Email Campaign
We have detected evidence of a malware distribution campaign using messages masquerading as UPS delivery notification emails. These campaigns attempt to deceive the targets into thinking they are receiving mail from a trusted sender in order to dupe the recipient into installing malware, possibly for financial gain. Once the initial attack vector is installed, further […]