Entries by FM Team

Ranstop blocks new variant of Dharma (Crysis) ransomware

Ransomware test subject – Dharma (Crysis) Dharma is no new ransomware. In fact, it has been around since 2016 and has seen, over time, nothing but improvements on all levels. Dharma is distributed using all possible methods, from RDP, email campaigns, infected downloads to exploit kits, mainly targeting businesses. In late 2018, Dharma gained even […]

Ranstop thwarts Deadmin ransomware attack

Ransomware test subject – Deadmin Part of sophisticated network attacks targeting mostly businesses, Deadmin is a new ransomware pushed by hackers and cybercriminals on poorly protected systems. The malicious software bundle comes with a plethora of features, which certainly will cause panic among system administrators and users. It includes password collectors, remote login hacking tools, […]

Ranstop blocks Maze ransomware

Ransomware test subject – Maze Ransomware is often pushed on business networks and PCs using specialized software named exploit kits. These are software packages that run on the victim’s PC after visiting an infected website or opening malicious email attachments. One of these exploit kits is Spelevo, which, lately, is pushing the Maze ransomware, after […]

Well-known shipping company attacked by ransomware

The recent series of ransomware attacks continues. This time, a well-known shipping company, Pitney Bowes, serving more than 1 million customers throughout the world, and some of the Fortune 500 companies, was hit by a ransomware variant that prevented clients from accessing services. Find out more in this article: https://threatpost.com/pitney-bowes-hit-with-ransomware-attack/149156/.

Ranstop blocks OnyxLocker ransomware

Ransomware test subject – OnyxLocker Lately, we’ve been writing about ransomware that exploited weak systems and networks, so this time, we’re focusing on malware that exploits the user and their awareness. Today’s ransomware is called OnyxLocker, and it targets Russian speakers. It is actively distributed using malware campaigns, emails containing malicious attachments, accompanied by text […]

Ranstop blocks TFlower ransomware

Ransomware test subject – TFlower TFlower ransomware is targeting businesses as we speak. Hackers are infiltrating poorly secured infrastructures or services and manually executing the malware. We’ve seen this kind of attack increase lately, and there are legitimate reasons to worry. Just today, a Danish hearing aid manufacturer announced that they might end up losing […]

Ranstop blocks Eva Richter (Ordinypt) ransomware

Ransomware test subject – Eva Richter (Ordinypt) German speakers were recently hit by a series of malware campaigns distributing fake ransomware. We call it fake because even though it destroys user files, the victim cannot recover their files, even if the ransom is paid. The campaign starts with an email, received from somebody named ‘Eva […]

Nemty ransomware attack blocked by Ranstop

Ransomware test subject – Nemty Nemty is a relatively new ransomware, spotted at the end of last month, and has seen a few iterations since its appearance. The very first variant had references to the Russian president and antivirus. More precisely, the code contained a link pointing to a picture of the Russian president […]

Ranstop blocks Phobos ransomware

Ransomware test subject – Phobos Phobos appeared on the ransomware scene late 2018 – early 2019, and since then, the developers released more than 50 variants, making the family one of the most active of this year. The malware itself is closely related to Dharma (or CrySis), and we can only assume that the actors […]

GetCrypt ransomware analysis – TEMASOFT Labs

Ransomware test subject – GetCrypt GetCrypt is a recently released ransomware, distributed using malware campaigns that redirect users to the RIG exploit kit, finally detonating the payload, the ransomware itself. It attacks vulnerable Windows PCs set to any language, except Russian, Ukrainian and a few others, probably pointing to its origins while doing so. GetCrypt […]