Results for Teslacrypt

Industry Trends

DMA Locker 4.0: The Next Threat to Healthcare?

Lately, healthcare has been making headlines due to an onslaught of ransomware attacks from viruses like TeslaCrypt and CryptoWall. As a result of many lucrative successes in extorting ransom payments, the industry has been rightly named the number one target of cyber criminals by several research groups. And it doesn’t seem to be slowing down. Cyber criminals are looking to profit off of the traditionally soft target healthcare has presented due to its general lack of highly secure network and data center architectures. According to a Malwarebytes...

By Ryan Edwards May 27, 2016

Threat Research

Japanese Trends in the Aggressive Activity of the "Locky" Ransomware

The Locky ransomware has shown no signs of slowing down its aggressive activity since it was first observed in mid-February up to the present, and it has already emerged as this year's major threat. The following report on Locky trends within Japan is based on information reported to FortiGuard by FortiGate installations around the world. Overview: A detailed analysis of the ransomware itself has already been provided to our readers by our FortiGuard researchers. For more details, please see this blog entry. The post starts with a description...

By Kenichi Terashita April 05, 2016

Threat Research

Nemucod Adds Ransomware Routine

It came to our attention that a new, rather peculiar version of Nemucod has recently been landing on users. Nemucod is a well-known JavaScript malware family that arrives via spam email and downloads additional malware to PCs. Most recently, Nemucod has been known to download TeslaCrypt ransomware variants. However, the last few weeks saw a shift in Nemucod variants--it now has code to drop ransomware from its body. The sample arrives via a typical Nemucod spam with an encrypted JavaScript attachment. Upon decrypting the JavaScript, we...

By Roland Dela Paz March 16, 2016

Threat Research

CryptoWall, TeslaCrypt and Locky: A Statistical Perspective

It’s been over two weeks since we reported about Locky and predicted that it would be a major player in the ransomware scene. We decided to check our Intrusion Prevention System (IPS) telemetry statistics for CryptoWall, TeslaCrypt and Locky two weeks after (Feb 17th to March 2nd) to see how Locky is doing and where it sits compared to its more seasoned counterparts. While the statistics cover a short timeframe, they do give some insights not only on Locky’s early operations but also on how these three major ransomware families are...

By Roland Dela Paz March 07, 2016

Threat Research

New CryptoWall Variant In The Wild

UPDATE: Upon further analysis, we discovered that the malware described in this report is actually a variant of TeslaCrypt, not CryptoWall. We initially identified the malware as CryptoWall because "CryptoWall decrypter" is mentioned as the decryption tool for files encrypted by the ransomware in the payment web page. However, we found that the version of the ransomware under investigation is 2.2, whereas the latest CryptoWall version is 4.0, which was first detected in November. TeslaCrypt has been disguised as CryptoWall...

By Peixue Li December 18, 2015