Results for crypto

Threat Research

Cryptojacking: Digging for your own Treasure

Do you ever feel the Internet is especially slow these days? Or do you ever wonder if maybe it’s just your computer that’s getting slower? Don’t rush to the IT shop to buy a new computer yet … you may have been a victim of a new trick used by malevolent hackers called browser “cryptojacking.” What is cryptojacking? It’s a trick used to mine cryptocurrencies on your computer using your CPU resources in the background without your knowledge. All that a cybercriminal has to do is load a script...

By David Maciejak | October 19, 2017

Industry Trends

Strengthening the Security Fabric of Blockchain

Blockchain is a shared and continuously reconciled database used to maintain a list of digital records, called blocks. It is quickly becoming an important tool not just for financial information, but also for managing and recording virtually all types of data, such as medical and other records, identity management, and transaction processing. Because a blockchain database is distributed and interconnected, it provides several essential services. The first is transparency. Because data is embedded within the network as a whole, it is by definition...

By Hemant Jain | June 20, 2017

Threat Research

Locky Happens: Notorious Ransomware Leaves an Unpleasant Trace

We attended the recent VB 2016 conference to present our findings on the development and evolution of Locky ransomware. In that same presentation we also discussed an automation system designed by Fortiguard to extract its configuration and hunt for new variants. Locky-ly (*wink*), while improving the system we couldn’t help but notice another new variant. Actually, aside from the encrypted file name extension change, there are no major developments from the “.odin” variant in this new variant. However, it appears that criminals...

Threat Research

The Locky Saga Continues: Now Uses .odin as File Extension

As a result of our continuous monitoring of the Locky ransomware, we discovered a new Locky variant. This variant now appends a “.odin” extension to its encrypted files. This is now the third time that the extension has been changed. Aside from this, in this report we will also examine some of its other minor updates. It’s not Odin. It’s Locky. The transition from “.locky” to “.zepto” extension has caused some confusion in the malware research scene. Due to this update,...

Threat Research

From Shark to Atom: Ransomware Service Offers Generous Returns

It’s been just less than a month since the Shark Ransomware was discovered, and there is already an upgrade from the same authors, along with a new Ransomware-as-a-Service (RaaS) website, a new name, and new features. While this site follows the standard RaaS business model being commonly used by other ransomware developers, it has a new twist. Besides the usual offer to let users customize and build their own ransomware, Atom is being promoted as a “Ransomware Affiliate Program.” The twist is that it offers the soon-to-be...

By Rommel Joven | September 12, 2016

Threat Research

Take it Easy, and Say Hi to This New Python Ransomware

A new ransomware variant, named “Fsociety Locker” (“Fsociety ALpha 1.0”), showed up recently seeking a place in the threat marketplace. The authors of this malware must be “Mr. Robot” fans, as the name “Fsociety” refers to the fictional group of hackers in that show. This new ransomware variant is one of the very few examples of Python-based ransomware in the wild. Python is typically considered to be a fast, easy language to code in, so this may be the start of a new malware trend. In this...

By Sarah (Qi) Wu and He Xu | September 01, 2016

Threat Research

Cracking Locky’s New Anti-Sandbox Technique

The last few weeks saw new variants of the Locky ransomware that employ a new anti-sandbox technique. In these new variants, Locky’s loader code uses a seed parameter from its JavaScript downloader in order to decrypt embedded malicious code and execute it properly. For example, the downloaded Locky executable is executed by the JavaScript in the following manner: sample.exe 123 Below is a screenshot of it in action: This new trick may pose challenges for automated Locky tracking systems that utilize sandboxing due to the following...

Industry Trends

WhatsApp vs Telegram

The competition for the most secure instant messaging tool has been running for years. It re-surfaced this month when WhatsApp announced it has completed implementing end-to-end encryption. Curiously, in security research circles, this has resulted in endless debates between WhatsApp and Telegram. Very much like Emacs vs Vi, everybody has a (strong) opinion, but there is no general consensus. ;) I think we can agree that Signal, WhatsApp, and Telegram stand out as the most secure messaging solutions - thanks to end-to-end encryption or Perfect...

By Axelle Apvrille | April 15, 2016

Industry Trends

Cyber Arms Race Goes Nuclear With Quantum Computing

Strong encryption is the security professional's arms race. There is no such thing—and never has been nor ever will be—as unbreakable code. The best we can strive for is code that will take a cyberthief's computers so long to break that it becomes impractical. In short, the thief will conclude that there are much easier ways to make his money, softer targets to hit. The problem is that, thanks to Moore's Law and its various corollaries, computing power continually gets better, faster and can fit into smaller form factors....

By Evan Schuman | September 09, 2015