Malware descriptions

GpCode.af

Yesterday evening we started receiving messages from users in Russia who’d been infected by the latest version of GpCode, a cyber blackmail virus.

In comparison to the previous variant, GpCode.ae, which we detected last week, this new variant uses a stronger encryption algorithm (RSA 330 bit); this makes it more difficult for our virus analysts to develop decryption. However, we’ve been successful, and we added detection and decryption for infected files to our antivirus databases.

Users who have been infected by GpCode.af should download the latest antivirus databases and fully scan their computers.

One point that we want to stress: at the moment, we’re still not 100% sure how this virus penetrates victim computers. You should exert maximum caution: don’t launch files that you receive via email, and ensure that your operating system and browser is fully patched.

Finally, back up your data on a regular basis. Then if the worst ever does happen – and we hope it won’t – you’ll still have a copy of whatever you were working on.

GpCode.af

Your email address will not be published. Required fields are marked *

 

Reports

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox