Ransomware

Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware is deployed filelessly through reflective DLL injection. The post Netwalker Fileless Ransomware Injected via Reflective Loading appeared first on .

We looked into the security implications of the changing banking paradigm with PSD2 in place. Our research highlights the current and new risks that the financial industry will have to defend against, and predict how cybercriminals will abuse and attack Open Banking. The post When PSD2 Opens More Doors: The Risks of Open Banking appeared first on .

Trend Micro recently found new samples of Dharma ransomware using a new technique: using software installation as a distraction to help hide malicious activities. The post Dharma Ransomware Uses AV Tool to Distract from Malicious Activities appeared first on .

Ransomware may have experienced a decline in 2018, but it seems to be getting back on track — only this time, attacks are looking to be more targeted. Coming on the heels of news about a ransomware attack against a U.S. beverage company which addressed the company by name in the ransom note, this blog post looks into a BitPaymer ransomware variant (detected by Trend Micro as Ransom.Win32.BITPAYMER.TGACAJ) that hit a U.S. manufacturing company. The post Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec appeared first on .

Through our managed detection and response (MDR) monitoring, we discovered the modular Emotet malware distributing the Nymaim malware, which then loads the Nozelesn ransomware. We detected this particular Emotet variant in one of our monitored endpoints in the hospitality industry in February 2019. For this threat investigation, we also sourced 580 similar Emotet file attachment samples from our telemetry and gathered data between January 9, 2019 and February 7, 2019. The post Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response appeared first on .

Smart Protection Network (SPN) data and observations from Managed Detection and Response (MDR) for the North American region show the persistence of older threats and tactics: delivery methods such as spam emails are still going strong, while ransomware attacks have seen a renewed vigor alongside newer threats such as cryptocurrency mining malware in the third quarter of 2018. However, the prevalence of these older threats should not be misconstrued as a sign that threat actors are resting on their laurels. In fact, it should be taken as proof that they are constantly improving proven tools and techniques to get ahead in the never-ending cat-and-mouse game between cybercriminals and security providers. The post Gathering Insights on the Reemergence and Evolution of Old Threats Through Managed Detection and Response appeared first on .

We have recently observed the Virobot ransomware (detected by Trend Micro as RANSOM_VIBOROT.THIAHAH) which has botnet capabilities, affecting users in the United States. The post Viro Botnet Ransomware Breaks Through appeared first on .

While ransomware has noticeably plateaued in today’s threat landscape, it’s still a cybercriminal staple. In fact, it saw a slight increase in activity in the first half of 2018, keeping pace by being fine-tuned to evade security solutions, or in the case of PyLocky (detected by Trend Micro as RANSOM_PYLOCKY.A), imitate established ransomware families and ride on their notoriety. In late July and throughout August, we observed waves of spam email delivering the PyLocky ransomware. Although it tries to pass off as Locky in its ransom note, PyLocky is unrelated to Locky. PyLocky is written in Python, a popular scripting language; and packaged with PyInstaller, a tool used to package Python-based programs as standalone executables. The post A Closer Look at the Locky Poser, PyLocky Ransomware appeared first on .

We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig’s traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it was called Princess Evolution (detected by Trend Micro as RANSOM_PRINCESSLOCKER.B), and was actually a new version of the Princess Locker ransomware that emerged in 2016. Based on its recent advertisement in underground forums, it appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates. The post Ransomware as a Service Princess Evolution Looking for Affiliates appeared first on .

We recently discovered a new ransomware (Detected as RANSOM_BLACKHEART.THDBCAH), which drops and executes the legitimate tool known as AnyDesk alongside its malicious payload. The post Legitimate Application AnyDesk Bundled with New Ransomware Variant appeared first on .