Results for cryptography

Threat Research

From Shark to Atom: Ransomware Service Offers Generous Returns

It’s been just less than a month since the Shark Ransomware was discovered, and there is already an upgrade from the same authors, along with a new Ransomware-as-a-Service (RaaS) website, a new name, and new features. While this site follows the standard RaaS business model commonly used by other ransomware developers, it has a new twist. Besides the usual offer to let users customize and build their own ransomware, Atom is being promoted as a “Ransomware Affiliate Program.” The twist is that it offers the soon-to-be...

By Rommel Joven, September 12, 2016

Threat Research

Locky NSIS-based Ransomware is Embracing Its New End of Summer Shape

Over the last few months we saw that Locky’s loader uses a seed parameter to execute properly. This method was probably used to prevent sandboxing, since it will not execute without the correct parameter. Afterwards, we saw Locky shift itself from an EXE to a Dynamic Link Library (DLL). We recently encountered yet another Locky development, where binary strains are using the Nullsoft installer package as their loader. In this post we will delve into how to unpack the final binary payload from its Nullsoft package loader. Decompressing Locky’s...

Threat Research

Take it Easy, and Say Hi to This New Python Ransomware

A new ransomware variant, named “Fsociety Locker” (“Fsociety ALpha 1.0”), showed up recently seeking a place in the threat marketplace. The authors of this malware must be “Mr. Robot” fans, as the name “Fsociety” refers to the fictional group of hackers in that show. This new ransomware variant is one of the very few examples of Python-based ransomware in the wild. Python is typically considered to be a fast, easy language to code in, so this may be the start of a new malware trend. In this...

By Sarah (Qi) Wu and He Xu, September 01, 2016

Threat Research

On-Demand Polymorphic Code In Ransomware

Ransomware is now a common term not only in the security industry, but also in our day-to-day life. A new ransomware seems to pop up almost every given day. What we don’t normally see is how code is implemented within this malware. Ransomware employs different techniques and attack vectors in order to infiltrate your computer system. It also uses different armoring techniques to evade detection and avoid analysis. One trick it uses to harden itself against analysis is implementing metamorphic, encryption, and polymorphic algorithms. We...

By Raul Alvarez, June 07, 2016

Industry Trends

WhatsApp vs Telegram

The competition for the most secure instant messaging tool has been running for years. It re-surfaced this month when WhatsApp announced it has completed implementing end-to-end encryption. Curiously, in security research circles, this has resulted in endless debates between WhatsApp and Telegram. Very much like Emacs vs Vi, everybody has a (strong) opinion, but there is no general consensus. ;) I think we can agree that Signal, WhatsApp, and Telegram stand out as the most secure messaging solutions - thanks to end-to-end encryption or Perfect...

By Axelle Apvrille, April 15, 2016