To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware. Given our love for unsolved mysteries, we jumped right on it. We’d like to think of this ongoing research as an opportunity for an open invitation to the larger security community to help nail down (or disprove) the link between BlackEnergy and ExPetr/Petya.
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we think that the threat actor cannot decrypt victims’ disks, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain.
Schroedinger’s Pet(ya)
Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time. Despite rampant public speculation, the following is what we can confirm from our independent analysis.
Microsoft Security Updates November 2015
Microsoft posted four critical bulletins today, along with another eight rated Important and lesser. Microsoft’s summary is at the Technet site. All in all, the software maker is patching a large number of vulnerabilities this month, with 37 CVE-listed vulnerabilities being fixed with the four critical bulletins alone.
A new generation of ransomware
Trojan-Ransom.Win32.Onion is a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques ‘tested’ on its predecessors and solutions that are completely new for this class of malware.
Cloud Services: Holes in Corporate Network Security
The most popular uses of cloud services include: storing image scans of passports and other personal documents; synchronization of password, contact list, and email/message databases; creating sites; storing versions of source code, etc.
Cryptolocker Wants Your Money!
You may have read about the Cryptolocker malware, a new ransomware Trojan that encrypts your files and demands money to return them. In the past, we have witnessed similar malware like the famous GPCode that used RSA keys for encryption. Back in 2008, we…
Security policies: misuse of resources
According to surveys conducted in Europe and the United States, company employees spend up to 30% of their working hours on private affairs.
The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as “MiniDuke”.
Trust but Verify: When CAs Fall Short
We’ve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it.…