Ouroboros: Following A New Trend In Ransomware League

Credit to Author: Manisha Prajapati| Date: Tue, 18 Feb 2020 09:45:17 +0000

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as “Ouroboros” is intensifying its footprint in the field by bringing more and more advancements in its behavior as it updates its version. This analysis provides the behaviour of version 6, few…

Read more

A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk

Credit to Author: Goutam Tripathy| Date: Thu, 13 Feb 2020 09:57:14 +0000

Quick Heal Security Labs recently came across a variant of Ryuk Ransomware which contains an additional feature of identifying and encrypting systems in a Local Area Network (LAN). This sample targets the systems which are present in sleep as well as the online state in the LAN. This sample is packed with…

Read more

HorseDeal Riding on The Curveball!

Credit to Author: Jayesh kulkarni| Date: Wed, 05 Feb 2020 06:17:49 +0000

It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could…

Read more

Ako Ransomware targeting businesses using RaaS

Credit to Author: Shriram Munde| Date: Fri, 24 Jan 2020 11:00:51 +0000

Ako Ransomware targeting businesses using RaaS Quick Heal security researchers recently observed ransomware that uses RaaS (Ransomware as a Service) which is a subpart of MaaS (Malware as a Service). Before delving into the AKO ransomware or RaaS, one must understand what Malware as a Service means, as it is…

Read more

First Node.js-based Ransomware : Nodera

Credit to Author: Ravi Gidwani| Date: Wed, 22 Jan 2020 11:12:25 +0000

Recently while threat hunting, Quick Heal Security Labs came across an unusual Node.js framework based Nodera ransomware. The use of Node.js framework is not seen commonly across malware families. Latest development by threat actors reveal a nasty and one-of-its-kind ransomware being created; one that uses Node.js framework, which enables it to infect Windows…

Read more

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

Credit to Author: Jayesh kulkarni| Date: Wed, 15 Jan 2020 14:13:09 +0000

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data…

Read more