Results for Raul Alvarez

Threat Research

Key Differences Between Petya and NotPetya

There have already been a lot of write-ups on the NotPetya malware. This article is just a supplement to what is already out there. Our focus is to highlight some key differences between a previous strain of the Petya ransomware and the malware that scared everyone a few weeks ago, which is now sometimes referred to as NotPetya. I posted a blog post a couple of months ago about the MBR (Master Boot Record) infected by Petya. I explained how the ransomware infected the boot process and how it executed its own kernel code. In this post,...

By Raul Alvarez, July 09, 2017

Threat Research

Ransomware And The Boot Process

Since its discovery in early 2016, we have tracked a number of variations of Petya, a ransomware variant famous for multi-stage encryption that not only locks your computer, but also overwrites the Master Boot Record. Petya continues to persist, and in this blog we will take a deeper look at its more complex second stage of attack. Petya overwrites the Master Boot Record (MBR), along with its neighboring sectors, using its boot code and a small kernel code. The MBR contains the master boot code, the partition table,...

By Raul Alvarez, February 01, 2017

Threat Research

On-Demand Polymorphic Code In Ransomware

Ransomware is now a common term not only in the security industry, but also in our day-to-day life. A new ransomware seems to pop up almost every day. What we don't normally see is how code is implemented within these malware. Ransomware employs different techniques and attack vectors in order to infiltrate your computer system. They also use different armoring techniques to evade detection and avoid analysis. One trick they use to harden themselves against analysis is implementing metamorphic, encryption, and polymorphic algorithms. We...

By Raul Alvarez, June 07, 2016

Threat Research

Metamorphic Code In Ransomware

Ransomware is a category of malware that scrambles your files or locks your computer while asking for ransom. We have encountered different versions of ransomware and seen their effects. We have also seen a different kind of ransomware that not only holds your computer for ransom, but also infects your files for persistence. Virlock is a ransomware that locks your screen for ransom while infecting your files with its malicious code. Virlock is an interesting malware not only because it is a ransomware and file infector in one, but...

By Raul Alvarez, January 26, 2016