no-image

The devil’s in the Rich header

In our previous blog , we detailed our findings about the attack against the Pyeongchang 2018 WinterOlympics. For this investigation, our analysts were provided with administrative access to one of the affected servers located in a hotel based in Pyeongchang county, South Korea. In addition, we collected all available evidence from various private and public sources and worked with several companies on investigating the C&C infrastructure associated with the attackers. Read Full Article

no-image

Kaspersky Security Bulletin: Threat Predictions for 2018

Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe. Read Full Article

no-image

No Free Pass for ExPetr

Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won’t write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing.… Read Full Article

no-image

From BlackEnergy to ExPetr

To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware. Given our love for unsolved mysteries, we jumped right on it. We’d like to think of this ongoing research as an opportunity for an open invitation to the larger security community to help nail down (or disprove) the link between BlackEnergy and ExPetr/Petya. Read Full Article

no-image

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware. Read Full Article

no-image

APT Trends report, Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting. Read Full Article