Test subject – Locky Lukitus ransomware. The Lukitus Locky variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts either as Office files or zip archives. One interesting feature of this variant, similar to the CryptoWall functionality, is that of scrambling files to make recovery even more difficult. […]
About Calin Ghibu
Technical background: over 15 years of experience in testing, developing, researching and managing network security solutions. Currently focusing on information security and IT management.
Specialties: Network audit, information security, web security, endpoint security, perimeter security, SIEM, legal compliance, competitive intelligence.
Entries by Calin Ghibu
Cerber made the headlines again, this time with the latest variant as it brings new functions to the table. Some experts say that the evolution of ransomware is towards developing worm-like capabilities, like NotPetya and WannaCry, but this new Cerber variant shows another development direction: that of adapting ransomware to perform data exfiltration as well. […]
Anti-ransomware is a technology created to protect user data, in response to the ransomware phenomenon, a major concern and one of the biggest threats to cyber security nowadays. However, it is a rather new type of threat as major ransomware attacks started over three years ago, and it took some time until the community recognized […]
Test subject – GlobeImposter ransomware. This GlobeImposter ransomware is delivered as a JavaScript file via email campaigns and bypasses classic antivirus detection technologies. It has been maintaining a very low detection rate on Virustotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]
File monitoring is an internal audit process of automatically observing and recording important aspects regarding how files are being accessed and how they change over time. Many controls defined by security standards require the implementation of such processes for compliance. In essence, file monitoring is performed for two important reasons: – To ensure the integrity […]
Test subject – PowerShell ransomware. This PowerShell ransomware variant is particularly dangerous because it bypasses conventional anti-malware tools and renders files unusable. It uses a legitimate process to run the file encryption, eluding application control, heuristics and sandbox detection techniques. At the time of the test, less than a quarter of the solutions (according to […]
Test subject – Oxar, a HiddenTear variant. Oxar is a HiddenTear variant with a highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify sandbox environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the originals. It demands a Bitcoin […]
Anti-ransomware software supports your disaster recovery plan and protects files and backups, so it is a great addition to your strategy. Disaster recovery plans are being developed to ensure business continuity in case of incidents that affect systems and data. All such projects include solutions that perform regular backups of important files, in various […]
Lately, there has been a lot of disagreement about why people who have various types of antivirus solutions in place still get infected by ransomware. Experts’ opinions on the matter vary: some say antivirus is obsolete and should evolve into something else, like ransom antivirus, while others advocate for multi-layered ransomware protection strategies that include several […]