ransomware

May 16, 2017

FINANCIAL SERVICES

Ransomware Lessons for the Financial Services Industry

As long as there have been banks, there have been bank robbers. In the past, bank robbers may have held up bank tellers at gunpoint. Today, threats are less visible—but just as frightening. This weekend’s massive ransomware attack demonstrated just how pervasive, far-reaching, and devastating a cyberattack can be. What is ransomware? Even if you […]

May 16, 2017

EDUCATION

Held for Ransom(ware): Protecting Your School—and Data—from Current Cyber Threats

It is no longer a matter of “if” your organization will suffer a security breach; it’s a matter of “when.” Learn how to protect your school.

May 16, 2017

GOVERNMENT

WannaCry Type Ransomware a Growing Threat: 5 Easy Steps to Protect Your Agency

It all started harmlessly enough. A pleasant sounding ping on her phone and a quick check of her email. But it then quickly descended into a weekend of worry. For people in both the public and private sector, cyber attack has become a potentially life-altering and seemingly unstoppable threat that is beginning to define our everyday […]

May 12, 2017

HEALTHCARE

Healthcare Organizations: What You Need to Know About the NHS Cyberattack

Today’s news of the cyberattack affecting healthcare organizations—including the National Health Service (NHS)—in the UK, is sobering. Sources are reporting that the ransomware attack has “crippled the health system’s ability to treat patients.” Thousands of non-emergency appointments have been canceled, and ambulances have been diverted to other facilities, leading the NHS to declare the attack […]

April 21, 2017

THREAT RESEARCH

Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs

This post was authored by Nick Biasini. Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape. It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the payload via […]

March 8, 2017

THREAT RESEARCH

Crypt0l0cker (TorrentLocker): Old Dog, New Tricks

Ransomware continues to be a plague on the internet and still sets itself as the fastest growing malware family we have seen in the last number of years. In this post we describe the technical details about a newly observed campaign of the notorious Crypt0l0cker (aka TorrentLocker or Teerac) ransomware. Crypt0l0cker has gone through a […]

February 10, 2017

SECURITY

Indicators of Compromise and where to find them

Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, new feeds, industry reports, Threat Grid sample […]

November 28, 2016

THREAT RESEARCH

Cerber Spam: Tor All the Things!

This post was authored by Nick Biasini and Edmund Brumaghin, with contributions from Sean Baird and Andrew Windsor. Executive Summary: Talos is continuously analyzing email-based malware, always looking at how adversaries change and the new techniques that are being added on an almost constant basis. Recently we noticed some novel ways that adversaries are leveraging […]

October 13, 2016

THREAT RESEARCH

LockyDump – All Your Configs Are Belong To Us

Locky has continued to evolve since its inception in February 2016. This has made it difficult to track at times due to changes in the way in which it’s distributed as well as various characteristics of the malware itself. The actors responsible for Locky have continuously attempted to improve operational security (OpSec) […]