Results for cryptowall

Threat Research

Ransomware And The Boot Process

Since its discovery in early 2016, we have tracked a number of variations of Petya, a ransomware variant famous for multi-stage encryption that not only locks your computer, but also overwrites the Master Boot Record. Petya continues to persist, and in this blog we will take a deeper look at its more complex second stage of attack. Petya overwrites the Master Boot Record (MBR), along with its neighboring sectors using its boot code and a small kernel code. The MBR contains the master boot code, the partition table,...

By Raul Alvarez | February 01, 2017

Industry Trends

Ransomware to hit $1B in 2016

While there are many types of malware, including viruses, worms, Trojans, Spyware, Adware, and others, ransomware has gained the most notoriety over the last few years in part due to the popularity of cryptocurrency such as Bitcoin, as well as its brazen ability to grind productivity to a complete halt. Simply put, ransomware is a considerable revenue generator. For example, CryptoWall v3 reported $325 million in global profit alone. Furthermore, the FBI claims that in just the first three months of 2016 ransomware cost victims in the United States...

By Damien Lim | September 27, 2016

Threat Research

Ransomware – From Fins to Wings

The FBI recently published a report claiming that ransomware victims paid out over US$209 million just in the first quarter of 2016, compared to US$24 million for all of 2015. Ransomware has very quickly become the most fashionable malware on the market, flooding the threat landscape in ways never seen before. We are seeing new strains of ransomware almost every single day. What is Ransomware? Ransomware is malware that locks access or functionality on your computer and then demands payment in exchange for restoring normal operations...

By David Maciejak | June 24, 2016

Threat Research

Cerber Ransomware Marks Its Presence in the Wild, Catches up with CryptoWall and Locky

FortiGuard Labs uses the data it gathers from its over 2 million security sensors to keep an eye on trends related to ransomware--one of the areas of greatest concern when it comes to cyber security threats today. As a result of this effort, we previously talked about Locky’s rapid rise in prevalence in the first two weeks of its appearance. This time, we have observed yet another new ransomware family – Cerber – to be rapidly gaining prevalence in the wild. We gathered FortiGuard Intrusion Prevention System (IPS) telemetry...

Threat Research

CryptoWall, TeslaCrypt and Locky: A Statistical Perspective

It’s been over two weeks since we reported about Locky and predicted that it will be a major player in the ransomware scene. We decided to check our Intrusion Prevention System (IPS) telemetry statistics for CryptoWall, TeslaCrypt and Locky two weeks after (Feb 17th to March 2nd) to see how Locky is doing and where it sits compared to its more seasoned counterparts. While the statistics cover a short timeframe, they do give some insights not only on Locky’s early operations but also on how these three major ransomware families are...

By Roland Dela Paz | March 07, 2016

Threat Research

Keeping an Eye on Encryptor RaaS

Previously, we talked about a new ransomware-as-a-service called Encryptor RaaS. Encryptor RaaS is a GNU Compiler for Java (GCJ) compiled ransomware that is available to anyone who wishes to be a spreading affiliate. The author then takes 20% commission for each ransom paid by an infected victim. While monitoring, we noticed some updates on its website. In particular, the new version of the ransomware dated November 13, 2015, caught our attention so we decided to take a look. Currently, the website looks as follows: Figure 1. Updated...

By Roland Dela Paz | November 17, 2015

Threat Research

Keeping Pace with Cryptowall

Overview: Cryptowall is a popular ransomware which targets computers running Microsoft Windows, encrypts files, and extorts money to decrypt user files. With its predecessor’s first appearance way back in September 2013, Cryptowall has become a financial success for its authors. Following this success, the authors have now released what is believed to be the 4th generation of Cryptowall with new alterations techniques. Ransom Note: The most obvious change from the previous Cryptowall is the dropped files and message instructions after the...

By Rommel Abraham D. Joven | November 13, 2015

Industry Trends

Why the Cyber Threat Alliance And Their CryptoWall V3 Report Matter To You

Not long ago, ransomware was a problem for consumers. Early versions hit unsuspecting users as early as 2005 but, while alarming, weren’t especially difficult to defeat. Even 10 years ago, the enterprise was a very different place than it is today, with BYOD in its infancy and far greater separation between work and personal environments. Ransomware authors also had not really begun to leverage the social engineering tactics that made infection much more likely, even for relatively savvy users. Fast-forward to 2015 and attackers...

By Chris Dawson | October 29, 2015

Industry Trends

Collaborating on Threat Research: What We Learned from the Cyber Threat Alliance CryptoWall v3 Research Project

There is a greater mission on the part of every security vendor to make the world safer and more secure for people to interact, do business, and communicate ideas. Today is a big day for us. Today the Cyber Threat Alliance, founded May 30, 2014, published its first collaborative research project -- an analysis of the CryptoWall version 3 campaign (learn more about this project here). The CryptoWall research report represents the successful culmination of a big project, a 90-day proof of concept effort among the founding members...

By Derek Manky | October 29, 2015

Industry Trends

Threat Intelligence Sharing At Work: Cyber Threat Alliance Tracks CryptoWall Version 3

CryptoWall and its variants are among the best-known types of ransomware, malware that encrypts files on end user hard drives and then prompts for payment of a ransom to decrypt the files. In many cases, if users don’t have recent backups, their only option to recover these files is to pay the ransom. CryptoWall Version 3 (CW3) is the most recent major variant that uses sophisticated backend technical and financial infrastructure to extort payments from users, all while employing a variety of measures to slow detection and...

By Derek Manky | October 28, 2015