To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware. Given our love for unsolved mysteries, we jumped right on it. We’d like to think of this ongoing research as an opportunity for an open invitation to the larger security community to help nail down (or disprove) the link between BlackEnergy and ExPetr/Petya. Read Full Article
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware. Read Full Article
Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time. Despite rampant public speculation, the following is what we can confirm from our independent analysis. Read Full Article
Microsoft posted four critical bulletins today, along with another eight rated Important and lesser. Microsoft’s summary is at the Technet site. All in all, the software maker is patching a large number of vulnerabilities this month, with 37 CVE listed vulnerabilities being fixed with the four critical Bulletins alone. Read Full Article
Trojan-Ransom.Win32.Onion a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques ‘tested’ on its predecessors and solutions that are completely new for this class of malware. The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server. Read Full Article
The most popular uses of cloud services include: storing image scans of passports and other personal documents; synchronization of password, contact list, and email/message databases; creating sites; storing versions of source codes, etc. Read Full Article
You may have read about the Cryptolocker malware, a new ransomware Trojan that encrypts your files and demands money to return them. In the past, we have witnessed similar malware like the famous GPCode that used RSA keys for encryption. Back in 2008, we… Read Full Article
According to surveys conducted in Europe and the United States, company employees spend up to 30% of their working hours on private affairs. Read Full Article
New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as “MiniDuke”. Read Full Article
We’ve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it.… Read Full Article